Results 1 to 6 of 6

Thread: RunLegacyCPLElevated

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    4

    Question RunLegacyCPLElevated

    This is the second time I have posted this because I couldn't add the information that was required by an answer. I ran DDS as requested so I will post the results here.

    UACU Popup on startup Wanting me to accept Run Legacy CPL Elevated
    It says to accept or cancel
    also the information

    Microsoft Windows
    "C:\windows\system32\RunLegacyCPLElevated.exe"
    Shell32.dll.Control_runDLL
    "C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl"

    is displayed in the popup.

    I have read several posts that it is some type of virus.

    My antivirus software "AVG internet security bossiness edition 2011" doesn't see it as a threat.

    Running "Windows Vista Home Premium" operating system

    Any help or advice will be greatly appreciated. Thank you in advance.

    Robert.

    DDS logs
    LOG 1
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Robert at 0:12:04.53 on Mon 04/11/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.769 [GMT -5:00]
    .
    AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\nlssrv32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\sttray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Robert\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uStart Page = hxxp://www.yahoo.com/?.home=ytie
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10197&bi=400
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mStart Page = hxxp://www.yahoo.com/?.home=ytie
    mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
    mSearchAssistant = about:blank
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\robert\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [CviejN] control.exe "c:\users\robert\appdata\local\awdagocwqpn\CviejN.cpl",0,0
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockplus2\ObjectDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockplus2\ODMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\gzj90uqw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-tyc|http://www.msn.com/|http://www.googl...om/home.php#!/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\robert\appdata\roaming\mozilla\firefox\profiles\gzj90uqw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\robert\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-3-15 135032]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-21 16184]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-30 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-23 363344]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-12-23 57344]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-23 20952]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-15 552448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-10-31 144128]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-11 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    .
    =============== Created Last 30 ================
    .
    2011-04-02 12:45:45 -------- d-----w- c:\program files\Pinxy's Ascii Art Generator
    2011-04-02 12:44:24 286720 ------w- c:\windows\Setup1.exe
    2011-04-02 12:44:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-03-23 07:09:53 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-23 07:09:53 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 07:09:53 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-21 17:41:38 -------- d-----w- c:\users\robert\appdata\roaming\IObit
    2011-03-21 17:41:29 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-03-21 17:41:29 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-03-21 17:24:12 -------- d-----w- c:\users\robert\Bluetooth Software
    2011-03-21 17:12:29 106557 ----a-w- c:\windows\system32\btw_ci.dll
    2011-03-21 17:12:28 74656 ----a-w- c:\windows\system32\drivers\btwusb.sys
    2011-03-21 17:12:27 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2011-03-21 17:12:27 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2011-03-21 17:12:26 879528 ----a-w- c:\windows\system32\drivers\btkrnl.sys
    2011-03-21 17:12:26 37424 ----a-w- c:\windows\system32\drivers\btport.sys
    2011-03-21 17:12:25 539576 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2011-03-21 17:11:42 -------- d-----w- c:\program files\WIDCOMM
    2011-03-21 16:48:44 -------- d-----w- c:\users\robert\{370c7b82-672f-4053-9532-700d6a25011d}
    2011-03-15 12:56:59 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-03-10 01:44:44 246 ----a-w- C:\PPCleanDeleteAtReboot.bat
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-13 23:23:39 1409 ----a-w- c:\windows\QTFont.for
    .
    ============= FINISH: 0:13:53.59 ===============

    Log 2

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/28/2010 2:27:46 PM
    System Uptime: 4/10/2011 8:19:23 PM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0UW744
    Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket M2/S1G1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 102 GiB total, 10.758 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.791 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP193: 4/6/2011 10:08:39 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop 7.0
    Adobe Photoshop CS5
    Adobe Reader 9.4.3
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    AGEIA PhysX v7.03.21
    Alien Skin Eye Candy 6
    Anvil Studio 2011
    Any Audio Converter 3.0.7
    Any Video Converter Professional 3.0.1
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center Ex
    ATI PCI Express (3GIO) Filter Driver
    Audacity 1.3.12 (Unicode)
    AVG 2011
    Axialis CursorWorkshop 6.33
    Axialis IconWorkshop 6.50
    Axialis Professional Screen Saver Producer 3.6
    Belkin F5D8053 N Wireless USB Adapter
    Bigasoft BlackBerry Ringtone Maker 1.7.9.3873
    BitTorrent
    BlackBerry Desktop Software 5.0
    BlackBerry Desktop Software 6.0
    BlackBerry Smartphone Simulators 5.0.0.419 (8330-Boost)
    BlackBerry Theme Studio 5.0
    Blender (remove only)
    Braid
    Camtasia Studio 7
    CCleaner
    CDDRV_Installer
    Celestia 1.6.0
    Club Paradise
    CoffeeCup HTML Editor
    Conexant HDA D110 MDC V.92 Modem
    D3DX10
    DAZ|Mimic 3.1
    Dell Resource CD
    Dell Webcam Central
    Dell Wireless WLAN Card
    DHTML Editing Component
    EarthView
    Ease MIDI Converter 1.30
    ffdshow [rev 2527] [2008-12-19]
    GameSpy Arcade
    Gerbtool
    Glary Utilities 2.17.0.776
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImageConverter Plus 7.1
    Java Auto Updater
    Java(TM) 6 Update 23
    jpeg-diet 0.26b
    Junk Mail filter update
    KhalInstallWrapper
    Kyodai Mahjongg 2006 v1.0
    LAME v3.98.3 for Audacity
    LightWave 10.0
    Live! Cam Avatar Creator
    Logitech SetPoint
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    MahJong Suite 2011 v8.0
    MahJong Suite Graphics Pack Volume 2 - v2.9
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows Performance Toolkit
    Microsoft WSE 3.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Morph Master 1.11
    Morph Master Pro
    Morpheus Photo Animation Suite v3.10
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Multisim 8
    MyProduct
    Nightmare on the Pacific CE 1.00
    Notepad++
    ObjectDock Plus 2
    particleIllusion 3.0
    particleIllusion 3.0.4
    Pcsx2 0.9.6
    PDF Settings CS5
    Pheobe Screensaver
    Pheobe2 Screensaver
    Pinxy's Ascii Art Generator v1.2
    Poser Pro 2010 Content
    PoserFusion 2010 for Maya
    POV-Ray for Windows v3.62
    Project1 Screensaver
    Python 2.7.1
    Queue Manager 2010
    Random Screensaver
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RSR Converter
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Segoe UI
    Sentinel Protection Installer 7.6.1
    Serif WebPlus X4
    SigmaTel Audio
    Smart Defrag 2
    SolSuite 2010 v10.1
    Sothink SWF Decompiler
    Sothink SWF Easy
    Sothink SWF Quicker
    Spybot - Search & Destroy
    Stardock Software
    Synaptics Pointing Device Driver
    The CrossDresser 2.5.0
    The Tailor 1.61
    TreeSize Free V2.4
    Ultiboard 8
    Ultiroute 8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Vbsedit
    Victoria 4.2 Base DAZ Studio Content
    Vivitar Experience Image Manager
    VLC media player 1.1.5
    Vuze
    WhiteCap
    WIDCOMM Bluetooth Software
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    WinZip 14.0
    Wisdom-soft Set up ScreenHunter 5.1 Free
    Yahoo! Anti-Spy
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2011 8:15:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0022759076F2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/9/2011 6:43:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00197D833BD8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/9/2011 5:41:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 0022759076F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/9/2011 2:09:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    4/9/2011 12:07:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0022759076F2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/8/2011 6:21:56 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/8/2011 6:21:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    4/8/2011 2:35:16 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197D833BD8. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/8/2011 12:55:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0022759076F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/8/2011 1:20:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    4/8/2011 1:09:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr sptd Wanarpv6
    4/8/2011 1:09:49 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2011 1:09:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/8/2011 1:09:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    4/8/2011 1:09:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/8/2011 1:08:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/8/2011 1:08:22 AM, Error: EventLog [6008] - The previous system shutdown at 1:01:19 AM on 4/8/2011 was unexpected.
    4/8/2011 1:07:25 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    4/5/2011 5:31:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0022759076F2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/5/2011 12:18:29 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    4/10/2011 8:22:31 PM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    4/10/2011 8:21:04 PM, Error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
    4/10/2011 8:21:04 PM, Error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
    4/10/2011 8:20:09 PM, Error: R300 [43015] - I2c return failed
    4/10/2011 11:51:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00197D833BD8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/10/2011 11:48:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.39 for the Network Card with network address 00197D833BD8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi,

    Me again. Does a updated malwarebytes come up clean after a scan? It pops up only when you start up the computer? you can do a on line scan for another opinion:

    ESET online scanner:

    http://www.eset.com/onlinescan/

    Use Internet Explorer
    check "YES" to accept terms
    click start button
    allow the ActiveX component to install
    click the start button. the Scanner will update.
    check both "Remove found threats" and "Scan archives" Leave the defaults checked under Advanced settings
    click scan. When it completes click "List found threats"
    click "Export to text file.." and save it to your desktop. Post the saved log.
    Click "back" and "finish"
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Feb 2011
    Posts
    4

    Default Eset scan

    The Eset scan found 1 virus.

    C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl a variant of Win32/Sefnit.AL trojan cleaned by deleting - quarantined

    Updated Malwarebytes doesn't report anything when I do a Complete scan or Flash scan.

    But still have the Run Legacy CPL Elevated pop up on start up. Which I always have to click on cancel.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok, post a traditional HJT log, version 2.0.4 See Using HJT on how to make a report, or the quick start guide.

    HJT
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Feb 2011
    Posts
    4

    Default Fixed.

    I just started my computer again and the pop up didn't show. I think the Eset scan did get it. Thank you for your time and help.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    your welcome. Happy Safe surfing.
    How Can I Reduce My Risk?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •