
Thread: Time and date changed

  1. #1
    Member
    Join Date
    Mar 2010
    Posts
    90

    Time and date changed

    Hi, I turned on the computer today and it went to the F1 F2 option to start normally or go to setup. I chose start normally, then I noticed the Windows security alert shield, and it said my virus definitions were out of date, so I opened AVG and updated. When it was finished updating I noticed it said "last updated on Jan 01 2007", and I looked down at the time in the system tray and it said it was Jan 01 2007 @ 12:05 am. I tried to reset the time but it would not sync with any of the preset defaults, so I manually set the time and date.
    Now AVG says it is up to date but Windows security alert says it is not. Also, Windows Update will not work. Thank you in advance.



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by Jeannie Lavender at 12:45:08 on 2011-11-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.271 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
    C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
    C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
    C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
    mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
    StartupFolder: c:\users\jeanni~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
    TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
    2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
    2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
    2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
    2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
    2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
    2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
    2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
    2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
    2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
    2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
    2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
    2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
    2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
    2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
    2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
    2011-11-04 00:16:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
    2011-11-04 00:16:07 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
    2011-11-04 00:16:04 348160 ----a-w- c:\windows\system32\LXDNinst.dll
    2011-11-04 00:16:03 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
    2011-11-04 00:13:17 -------- d-----w- c:\program files\Lexmark 2600 Series
    2011-11-04 00:09:01 -------- d-----w- C:\logs
    2011-11-04 00:08:49 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
    2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
    2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
    2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
    2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
    2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
    2011-11-03 09:45:18 417792 ----a-w- c:\program files\windows media player\plugins\wmp_scrobbler.dll
    2011-11-03 09:45:18 -------- d-----w- c:\programdata\Last.fm
    2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
    2011-11-03 09:42:11 -------- d-----w- c:\program files\Last.fm
    2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
    2011-10-24 01:32:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
    2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
    2011-10-21 20:58:20 -------- d-----w- C:\Temp
    2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
    2011-10-20 23:16:33 -------- d-----w- c:\program files\Windows Portable Devices
    2011-10-20 22:44:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-10-20 22:44:47 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-10-20 22:44:47 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-10-20 21:40:57 -------- d-----w- c:\program files\VideoLAN
    2011-10-20 20:38:22 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-20 20:38:22 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-20 20:38:22 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-20 20:38:22 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-20 20:38:20 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-10-20 20:36:38 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-20 20:36:38 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-20 20:36:38 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-10-20 20:36:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-10-20 20:36:38 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-10-20 20:36:37 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-20 20:36:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-10-20 20:36:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-20 20:36:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-10-20 20:36:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-10-20 20:36:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-10-20 20:36:35 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-10-20 20:34:39 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-20 20:32:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-20 20:32:34 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-20 20:32:33 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-20 20:32:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-20 20:32:13 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-20 20:32:12 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-20 20:30:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\eu-ES
    2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\ca-ES
    2011-10-20 09:48:31 -------- d-----w- c:\windows\system32\vi-VN
    2011-10-20 09:18:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-10-20 09:18:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-10-20 09:09:15 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-20 08:29:41 -------- d-----w- C:\BC4933DC5E2E349A34DBF3D70E
    2011-10-20 08:19:16 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2011-10-20 07:55:59 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
    2011-10-20 07:54:53 880640 ----a-w- c:\windows\system32\RacEngn.dll
    2011-10-20 07:53:59 614376 ----a-w- c:\windows\system32\ci.dll
    2011-10-20 07:52:59 282624 ----a-w- c:\windows\system32\w32time.dll
    2011-10-20 07:51:58 197632 ----a-w- c:\windows\system32\SndVol.exe
    2011-10-20 07:50:59 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-10-20 07:49:59 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
    2011-10-20 07:48:57 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2011-10-20 07:48:57 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-10-20 07:48:57 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2011-10-20 07:48:57 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2011-10-20 07:48:57 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2011-10-20 07:48:56 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-10-20 07:48:56 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2011-10-20 07:48:52 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-10-20 07:48:46 218624 ----a-w- c:\windows\system32\wdscore.dll
    2011-10-20 07:48:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-10-20 07:48:27 247808 ----a-w- c:\windows\system32\drvstore.dll
    2011-10-20 07:38:15 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-20 07:38:15 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-20 07:38:15 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-20 07:38:15 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-20 07:38:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-20 07:11:36 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2011-10-20 07:11:36 515584 ----a-w- c:\program files\windows mail\wab.exe
    2011-10-20 07:11:36 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2011-10-20 07:11:34 1316864 ----a-w- c:\windows\system32\ole32.dll
    2011-10-20 07:11:33 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2011-10-20 07:11:29 36864 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-20 07:11:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-20 07:11:25 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-20 07:11:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-20 07:11:14 1696256 ----a-w- c:\windows\system32\gameux.dll
    2011-10-20 07:11:07 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2011-10-20 07:10:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-10-20 07:10:53 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-10-20 07:10:45 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-20 07:10:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-10-20 07:10:31 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-10-20 07:10:14 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-20 07:10:13 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-10-20 07:10:12 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-10-20 07:10:11 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-10-20 07:10:11 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-10-20 07:10:11 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-10-20 07:08:38 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-20 07:08:38 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-20 07:08:35 81920 ----a-w- c:\windows\system32\consent.exe
    2011-10-20 07:08:31 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-20 07:08:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2011-10-20 07:08:23 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-10-20 07:08:20 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-10-20 07:08:17 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2011-10-20 07:08:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-20 07:08:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-10-20 07:07:59 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-20 07:07:53 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-20 07:07:51 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-20 07:07:27 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-20 07:07:26 352768 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-20 07:07:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-20 07:07:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-20 07:07:26 171520 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-20 07:07:01 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-20 06:56:35 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-20 06:56:23 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-10-20 06:56:14 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-20 06:48:44 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-10-20 06:48:43 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-10-20 06:48:43 63488 ----a-w- c:\windows\system32\tscupgrd.exe
    2011-10-20 06:41:06 -------- d-----w- c:\program files\Microsoft
    2011-10-20 06:40:49 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-10-20 06:38:30 -------- d-----w- c:\program files\common files\Windows Live
    2011-10-20 06:29:45 -------- d-----w- c:\program files\MSECache
    2011-10-20 06:24:44 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\HpUpdate
    2011-10-20 06:24:08 -------- d-----w- c:\windows\Hewlett-Packard
    2011-10-20 05:04:49 -------- d-----w- c:\users\jeannie lavender\appdata\local\Secunia PSI
    2011-10-20 05:04:27 -------- d-----w- c:\program files\Secunia
    2011-10-20 05:01:55 -------- d-s---w- C:\ComboFix
    2011-10-20 00:25:16 305152 ----a-w- c:\windows\system32\msdelta.dll
    2011-10-20 00:24:24 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll
    2011-10-20 00:24:15 705536 ----a-w- c:\windows\system32\imagesp1.dll
    2011-10-20 00:24:11 116736 ----a-w- c:\windows\system32\sstpsvc.dll
    2011-10-20 00:24:05 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
    2011-10-20 00:22:59 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2011-10-20 00:21:59 79360 ----a-w- c:\windows\system32\QUTIL.DLL
    2011-10-20 00:20:58 397312 ----a-w- c:\program files\windows mail\WinMail.exe
    2011-10-20 00:19:58 7680 ----a-w- c:\windows\system32\spwizres.dll
    2011-10-20 00:19:58 2048 ----a-w- c:\windows\system32\wertargets.wtl
    2011-10-20 00:19:56 12198 ----a-w- c:\windows\system32\gatherWiredInfo.vbs
    2011-10-20 00:19:06 89088 ----a-w- c:\windows\system32\wiafbdrv.dll
    2011-10-20 00:18:39 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
    2011-10-20 00:18:38 357888 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-10-20 00:18:27 129536 ----a-w- c:\windows\system32\sqmapi.dll
    2011-10-20 00:18:26 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
    2011-10-20 00:17:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
    2011-10-20 00:17:35 258560 ----a-w- c:\windows\system32\dpx.dll
    2011-10-20 00:17:24 6656 ----a-w- c:\windows\system32\kbd106.dll
    2011-10-19 08:36:14 -------- d-----w- c:\program files\common files\xing shared
    2011-10-19 08:31:16 -------- d-----w- c:\users\jeannie lavender\appdata\local\Ilivid Player
    2011-10-19 08:24:47 -------- dc-h--w- c:\programdata\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
    2011-10-19 08:24:27 -------- d-----w- c:\program files\iLivid
    2011-10-19 08:22:54 -------- d-----w- c:\users\jeannie lavender\appdata\local\PackageAware
    2011-10-19 07:56:22 645632 ----a-w- c:\windows\system32\xvidcore.dll
    2011-10-19 07:56:22 240640 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-10-19 07:56:22 153088 ----a-w- c:\windows\system32\xvid.ax
    2011-10-19 07:56:13 -------- d-----w- c:\program files\Xvid
    2011-10-18 09:40:19 -------- d-----w- c:\program files\ESET
    2011-10-18 09:27:11 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-18 06:32:12 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-10-18 06:31:44 -------- d-----w- c:\users\jeannie lavender\appdata\local\temp
    2011-10-17 22:43:50 -------- d-----w- c:\program files\CONEXANT
    2011-10-17 22:13:21 0 ---ha-w- c:\users\jeannie lavender\appdata\local\BITF0B.tmp
    2011-10-17 03:19:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-17 00:00:19 -------- d-----w- c:\users\jeannie lavender\appdata\local\Mozilla
    2011-10-16 22:55:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
    2011-10-16 22:55:04 -------- d-----w- c:\program files\Skyhook Wireless
    2011-10-16 22:51:28 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
    2011-10-16 22:51:21 -------- d-----w- c:\programdata\Clearwire
    2011-10-16 22:51:20 -------- d-----w- c:\program files\Clearwire
    2011-10-16 21:33:03 -------- d-----w- c:\program files\CCleaner
    2011-10-16 07:31:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-16 07:31:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-16 07:31:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-16 07:22:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-16 07:22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-16 05:48:55 -------- d-----w- C:\$AVG
    2011-10-16 04:57:15 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\AVG2012
    2011-10-16 04:56:24 -------- d--h--w- c:\programdata\Common Files
    2011-10-16 04:55:21 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-16 04:55:21 -------- d-----w- c:\programdata\AVG2012
    2011-10-16 04:54:35 -------- d-----w- c:\program files\AVG
    2011-10-16 04:54:12 523264 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2011-10-16 04:50:02 -------- d-----w- c:\programdata\MFAData
    .
    ==================== Find3M ====================
    .
    2011-10-20 22:36:54 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 12:48:03.04 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi jamper,

    If you still need help, please follow these steps:


    Step 1 | Please download OTL from one of the following mirrors:

    This is THE Mirror

    --------------------------------------------------------------------

    • Save it to your desktop.
    • Double click on the icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the button.
    • Two reports will open, copy and paste them in your next reply:


    OTListIt.txt <-- Will be opened
    Extras.txt <-- Will be minimized



    Step 2 | Please download GMER from one of the following locations and save it to your desktop:

    Main Mirror - This version will download a randomly named file (Recommended)
    Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    --------------------------------------------------------------------

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.


    Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.



    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Make sure all options are checked except:
      • IAT/EAT
      • Drives/Partition other than Systemdrive, which is typically C:\
      • Show All (This is important, so do not miss it.)




    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #3
    Member
    Join Date
    Mar 2010
    Posts
    90


    Hello, thanks for helping. Let me give you a little info on this computer. It is my neighbor's computer, and last month this forum, with the help of Blade81, got it working fine. Last week, when I checked to see if it was running all right, is when I noticed the problem. Since then a few more annoyances have occurred, Firefox automatically updated to its latest version, and a few more things have been happening, so today (before I saw that you answered my post) I uninstalled Firefox and installed an older version. So I am including with this post a new DDS log and attachment. Also, I am unable to download OTL from anywhere; no matter what link I use (even from their own website), it will not download. It either goes to a "cannot display" page or attempts to download but disappears.
    Thanks again


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-18 22:10:21
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3320820AS rev.3.AAD
    Running: gmer.exe; Driver: C:\Users\JEANNI~1\AppData\Local\Temp\pxldapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8E7AF3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA8E7AFE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA8E7B080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8E7B11C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInsertQueue + 5E1 82486BD8 4 Bytes [3C, AF, E7, A8] {CMP AL, 0xaf; OUT 0xa8, EAX}
    .text ntoskrnl.exe!KeInsertQueue + 811 82486E08 8 Bytes [E4, AF, E7, A8, 80, B0, E7, ...]
    .text ntoskrnl.exe!KeInsertQueue + 871 82486E68 4 Bytes [1C, B1, E7, A8] {SBB AL, 0xb1; OUT 0xa8, EAX}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----



    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by Jeannie Lavender at 22:11:21 on 2011-11-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.257 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
    C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
    C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
    C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\osk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
    TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-19 01:06:33 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
    2011-11-19 01:06:32 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
    2011-11-19 01:06:25 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
    2011-11-19 01:06:25 348160 ----a-w- c:\windows\system32\LXDNinst.dll
    2011-11-19 01:06:22 524288 ----a-w- c:\windows\system32\tmp593A.tmp
    2011-11-19 01:06:20 569344 ----a-w- c:\windows\system32\tmp4FA4.tmp
    2011-11-19 01:06:19 147456 ----a-w- c:\windows\system32\tmp4DBF.tmp
    2011-11-19 01:06:16 983121 ----a-w- c:\windows\system32\tmp3EBA.tmp
    2011-11-19 01:06:12 851968 ----a-w- c:\windows\system32\tmp31A9.tmp
    2011-11-19 01:06:03 -------- d-----w- c:\program files\Lexmark 2600 Series
    2011-11-19 00:06:40 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    2011-11-18 23:38:33 -------- d-----w- c:\users\jeannie lavender\appdata\local\ElevatedDiagnostics
    2011-11-18 22:45:55 -------- d-----w- c:\program files\MozBackup
    2011-11-13 11:18:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
    2011-11-13 11:16:56 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
    2011-11-13 11:13:35 -------- d-----w- c:\programdata\Clearwire
    2011-11-13 09:15:07 -------- d-----w- c:\program files\CCleaner
    2011-11-12 05:42:02 -------- d-----w- c:\windows\pss
    2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
    2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
    2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
    2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
    2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
    2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
    2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
    2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
    2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
    2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
    2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
    2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
    2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
    2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
    2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
    2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
    2011-11-04 00:09:01 -------- d-----w- C:\logs
    2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
    2011-11-03 23:51:10 77906 ----a-w- c:\windows\system32\lxdncfg.dll
    2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
    2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
    2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
    2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
    2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
    2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
    2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
    2011-10-24 01:32:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
    2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
    2011-10-21 20:58:20 -------- d-----w- C:\Temp
    2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
    2011-10-20 23:16:33 -------- d-----w- c:\program files\Windows Portable Devices
    2011-10-20 22:44:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-10-20 22:44:47 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-10-20 22:44:47 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-10-20 21:40:57 -------- d-----w- c:\program files\VideoLAN
    2011-10-20 20:38:22 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-20 20:38:22 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-20 20:38:22 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-20 20:38:22 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-20 20:38:20 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-10-20 20:36:38 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-20 20:36:38 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-20 20:36:38 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-10-20 20:36:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-10-20 20:36:38 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-10-20 20:36:37 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-20 20:36:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-10-20 20:36:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-20 20:36:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-10-20 20:36:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-10-20 20:36:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-10-20 20:36:35 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-10-20 20:34:39 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-20 20:32:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-20 20:32:34 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-20 20:32:33 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-20 20:32:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-20 20:32:13 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-20 20:32:12 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-20 20:30:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\eu-ES
    2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\ca-ES
    2011-10-20 09:48:31 -------- d-----w- c:\windows\system32\vi-VN
    2011-10-20 09:18:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-10-20 09:18:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-10-20 09:09:15 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-20 08:29:41 -------- d-----w- C:\BC4933DC5E2E349A34DBF3D70E
    2011-10-20 08:19:16 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2011-10-20 07:55:59 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
    2011-10-20 07:54:53 880640 ----a-w- c:\windows\system32\RacEngn.dll
    2011-10-20 07:53:59 614376 ----a-w- c:\windows\system32\ci.dll
    2011-10-20 07:52:59 282624 ----a-w- c:\windows\system32\w32time.dll
    2011-10-20 07:51:58 197632 ----a-w- c:\windows\system32\SndVol.exe
    2011-10-20 07:50:59 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-10-20 07:49:59 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
    2011-10-20 07:48:57 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2011-10-20 07:48:57 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-10-20 07:48:57 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2011-10-20 07:48:57 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2011-10-20 07:48:57 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2011-10-20 07:48:56 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-10-20 07:48:56 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2011-10-20 07:48:52 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-10-20 07:48:46 218624 ----a-w- c:\windows\system32\wdscore.dll
    2011-10-20 07:48:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-10-20 07:48:27 247808 ----a-w- c:\windows\system32\drvstore.dll
    2011-10-20 07:38:15 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-20 07:38:15 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-20 07:38:15 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-20 07:38:15 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-20 07:38:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-20 07:11:36 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2011-10-20 07:11:36 515584 ----a-w- c:\program files\windows mail\wab.exe
    2011-10-20 07:11:36 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2011-10-20 07:11:34 1316864 ----a-w- c:\windows\system32\ole32.dll
    2011-10-20 07:11:33 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2011-10-20 07:11:29 36864 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-20 07:11:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-20 07:11:25 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-20 07:11:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-20 07:11:14 1696256 ----a-w- c:\windows\system32\gameux.dll
    2011-10-20 07:11:07 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2011-10-20 07:10:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-10-20 07:10:53 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-10-20 07:10:45 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-20 07:10:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-10-20 07:10:31 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-10-20 07:10:14 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-20 07:10:13 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-10-20 07:10:12 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-10-20 07:10:11 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-10-20 07:10:11 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-10-20 07:10:11 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-10-20 07:08:38 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-20 07:08:38 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-20 07:08:35 81920 ----a-w- c:\windows\system32\consent.exe
    2011-10-20 07:08:31 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-20 07:08:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2011-10-20 07:08:23 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-10-20 07:08:20 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-10-20 07:08:17 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2011-10-20 07:08:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-20 07:08:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-10-20 07:07:59 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-20 07:07:53 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-20 07:07:51 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-20 07:07:27 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-20 07:07:26 352768 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-20 07:07:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-20 07:07:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-20 07:07:26 171520 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-20 07:07:01 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-20 06:56:35 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-20 06:56:23 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-10-20 06:56:14 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-20 06:48:44 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-10-20 06:48:43 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-10-20 06:48:43 63488 ----a-w- c:\windows\system32\tscupgrd.exe
    2011-10-20 06:41:06 -------- d-----w- c:\program files\Microsoft
    2011-10-20 06:40:49 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-10-20 06:38:30 -------- d-----w- c:\program files\common files\Windows Live
    2011-10-20 06:29:45 -------- d-----w- c:\program files\MSECache
    2011-10-20 06:24:44 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\HpUpdate
    2011-10-20 06:24:08 -------- d-----w- c:\windows\Hewlett-Packard
    .
    ==================== Find3M ====================
    .
    2011-10-20 22:36:54 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2011-10-20 08:16:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 22:13:32.72 ===============

  4. #4
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi jamper,

    I'm pretty sure this is not related to malware, but to the CMOS battery. However, let's first finish with any malware onboard, and then I will give you some info on how to deal with the CMOS battery.

    Please follow these steps:

    Step 1 | Please go to the following site to scan a file: Virus Total

    • Click on Browse, and upload the following file for analysis:

      • c:\windows\system32\tmp593A.tmp
        c:\windows\system32\tmp4FA4.tmp
        c:\windows\system32\tmp4DBF.tmp
        c:\windows\system32\tmp3EBA.tmp
        c:\windows\system32\tmp31A9.tmp

    • Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
    • If it says already scanned -- click "reanalyze now"
    • Please post the results in your next reply.


    Step 2 | Let's perform an ESET Online Scan

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the instructions below are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed, the Online Scan will begin automatically.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  5. #5
    Member
    Join Date
    Mar 2010
    Posts
    90


    Hi, I am not sure if I did something wrong or not, but c:\windows\system32\tmp593A.tmp etc. cannot be found; the only ones are c:\windows\system32\tmp000.tmp to c:\windows\system32\tmp004.tmp. Maybe I deleted them without knowing.



    ESET


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=36882
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=23a1e5f20b97104fb35ac65d574485b1
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=false
    # utc_time=2011-10-18 12:40:51
    # local_time=2011-10-18 05:40:51 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=9
    # osver=6.0.6000 NT
    # compatibility_mode=1024 16777175 100 0 0 0 0 0
    # compatibility_mode=5892 16776574 100 95 138245425 155539972 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=136684
    # found=1
    # cleaned=0
    # scan_time=9202
    C:\Users\Jeannie Lavender\AppData\Roaming\00961AFA8BEA2AD73D9284C2DD53A932\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application 8468629D8D2E984EB8E1D054B3DBB282 I
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=23a1e5f20b97104fb35ac65d574485b1
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-11-19 02:22:49
    # local_time=2011-11-19 06:22:49 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1024 16777215 100 0 2042550 2042550 0 0
    # compatibility_mode=5892 16776574 100 95 1679175 158312553 0 0
    # compatibility_mode=8192 67108863 100 0 1852606 1852606 0 0
    # scanned=166257
    # found=2
    # cleaned=2
    # scan_time=7546
    C:\Users\Jeannie Lavender\AppData\Roaming\00961AFA8BEA2AD73D9284C2DD53A932\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jeannie Lavender\Desktop\cnet_ZSoft_Uninstaller_2_5_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=23a1e5f20b97104fb35ac65d574485b1
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-11-19 08:19:37
    # local_time=2011-11-19 12:19:37 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1024 16777215 100 0 2071290 2071290 0 0
    # compatibility_mode=5892 16776574 100 95 1707915 158341293 0 0
    # compatibility_mode=8192 67108863 100 0 1881346 1881346 0 0
    # scanned=3526
    # found=0
    # cleaned=0
    # scan_time=212
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=23a1e5f20b97104fb35ac65d574485b1
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-11-19 10:45:50
    # local_time=2011-11-19 02:45:50 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1024 16777215 100 0 2071705 2071705 0 0
    # compatibility_mode=5892 16776574 100 95 1708330 158341708 0 0
    # compatibility_mode=8192 67108863 100 0 1881761 1881761 0 0
    # scanned=166065
    # found=1
    # cleaned=0
    # scan_time=8567
    C:\Users\Jeannie Lavender\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\70ee13c8-2ecc806d Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I

  6. #6
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Thanks for the log.

    There are remnants of the infection in your Java's cache. Let's clean it.

    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.


    • Click Settings under Temporary Internet Files.


    • Click Delete Files.


    • Click OK on Delete Temporary Files window.
    • Click OK on Temporary Files Settings window.



    After that, please delete the following files (right-click on them and send to the Recycle Bin):

    c:\windows\system32\tmp000.tmp
    c:\windows\system32\tmp002.tmp
    c:\windows\system32\tmp003.tmp
    c:\windows\system32\tmp004.tmp

    After that, run DDS again and paste the log.

    After running DDS, please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2


    --------------------------------------------------------------------
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      c:\windows\system32\*.tmp
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Last edited by Blottedisk; 2011-11-20 at 02:58.

  7. #7
    Member
    Join Date
    Mar 2010
    Posts
    90


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by Jeannie Lavender at 17:28:58 on 2011-11-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.203 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
    C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
    C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
    C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\osk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
    TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\qo91xb17.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
    .
    =============== Created Last 30 ================
    .
    2011-11-19 09:04:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-19 01:06:33 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
    2011-11-19 01:06:32 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
    2011-11-19 01:06:25 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
    2011-11-19 01:06:25 348160 ----a-w- c:\windows\system32\LXDNinst.dll
    2011-11-19 01:06:03 -------- d-----w- c:\program files\Lexmark 2600 Series
    2011-11-19 00:06:40 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
    2011-11-18 22:45:55 -------- d-----w- c:\program files\MozBackup
    2011-11-13 11:18:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
    2011-11-13 11:16:56 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
    2011-11-13 11:13:35 -------- d-----w- c:\programdata\Clearwire
    2011-11-13 09:15:07 -------- d-----w- c:\program files\CCleaner
    2011-11-12 05:42:02 -------- d-----w- c:\windows\pss
    2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
    2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
    2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
    2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
    2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
    2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
    2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
    2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
    2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
    2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
    2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
    2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
    2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
    2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
    2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
    2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
    2011-11-04 00:09:01 -------- d-----w- C:\logs
    2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
    2011-11-03 23:51:10 77906 ----a-w- c:\windows\system32\lxdncfg.dll
    2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
    2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
    2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
    2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
    2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
    2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
    2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
    2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
    2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
    2011-10-21 20:58:20 -------- d-----w- C:\Temp
    2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
    .
    ==================== Find3M ====================
    .
    2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-10-20 08:16:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 17:32:20.32 ===============



    DDS

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:36 on 19/11/2011 by Jeannie Lavender
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "c:\windows\system32\*.tmp"
    No files found.

    -= EOF =-

  8. #8
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi jamper,

    Please download ComboFix from one of the following locations:

    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.
    • Accept the disclaimer and allow it to update if it asks.
    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.


    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


    Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  9. #9
    Member
    Join Date
    Mar 2010
    Posts
    90

    Default

    Hello, I think you are right about the CMOS battery, because I unplugged the computer to bring it to my house to work on it, and when I started it up it did the same thing, so I will replace it.

    The computer seems to be running fine. Here is the ComboFix log:


    ComboFix 11-11-22.01 - Jeannie Lavender 11/22/2011 10:18:39.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.344 [GMT -8:00]
    Running from: c:\users\Jeannie Lavender\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}
    c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}\chrome\content\overlay.xul
    c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}\install.rdf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-22 18:27 . 2011-11-22 18:27 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\temp
    2011-11-22 05:10 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
    2011-11-22 05:10 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-11-22 05:10 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
    2011-11-22 05:10 . 2011-10-28 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-11-22 05:10 . 2011-11-22 05:11 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-11-19 09:04 . 2011-11-19 09:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-19 01:06 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
    2011-11-19 01:06 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
    2011-11-19 01:06 . 2007-11-28 23:09 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
    2011-11-19 01:06 . 2007-11-28 23:09 348160 ----a-w- c:\windows\system32\LXDNinst.dll
    2011-11-19 01:06 . 2011-11-19 01:08 -------- d-----w- c:\program files\Lexmark 2600 Series
    2011-11-19 00:06 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
    2011-11-18 22:45 . 2011-11-18 22:45 -------- d-----w- c:\program files\MozBackup
    2011-11-13 11:18 . 2011-11-13 11:18 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\Clearwire
    2011-11-13 11:16 . 2011-11-13 11:16 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
    2011-11-13 11:13 . 2011-11-13 11:13 -------- d-----w- c:\programdata\Clearwire
    2011-11-13 09:15 . 2011-11-13 09:15 -------- d-----w- c:\program files\CCleaner
    2011-11-10 20:44 . 2011-11-10 20:44 -------- d-----w- c:\program files\ERUNT
    2011-11-09 02:31 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 02:27 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 02:27 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-08 05:52 . 2011-11-10 20:40 -------- d-----w- c:\programdata\Big Fish Games
    2011-11-08 05:45 . 2011-11-10 20:40 -------- d-----w- C:\BigFishGamesCache
    2011-11-04 01:43 . 2011-11-04 01:43 -------- d-----w- c:\users\Jeannie Lavender\AppData\Roaming\FaxCtr
    2011-11-04 00:25 . 2011-11-19 01:09 -------- d-----w- c:\users\Jeannie Lavender\AppData\Roaming\Lexmark Productivity Studio
    2011-11-04 00:18 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
    2011-11-04 00:18 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
    2011-11-04 00:18 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
    2011-11-04 00:18 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll
    2011-11-04 00:18 . 2007-05-02 02:05 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
    2011-11-04 00:18 . 2007-05-02 02:05 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
    2011-11-04 00:18 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
    2011-11-04 00:18 . 2007-05-02 02:05 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
    2011-11-04 00:18 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
    2011-11-04 00:18 . 2011-11-04 00:18 -------- d-----w- c:\programdata\FaxCtr
    2011-11-04 00:18 . 2011-11-04 00:21 -------- d-----w- c:\program files\Lexmark Fax Solutions
    2011-11-04 00:17 . 2011-11-04 00:29 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2011-11-04 00:17 . 2011-11-19 01:08 -------- d-----w- c:\program files\Lexmark Tools for Office
    2011-11-04 00:09 . 2011-11-04 00:09 -------- d-----w- C:\logs
    2011-11-03 23:51 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
    2011-11-03 23:51 . 2007-11-05 14:32 77906 ----a-w- c:\windows\system32\lxdncfg.dll
    2011-11-03 23:44 . 2011-11-03 23:44 -------- d-----w- c:\programdata\Ezprint
    2011-11-03 23:44 . 2011-11-04 00:17 -------- d-----w- c:\program files\Lexmark Toolbar
    2011-11-03 23:14 . 2011-11-03 23:14 -------- d-----w- c:\users\Jeannie Lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
    2011-11-03 22:59 . 2011-11-03 23:02 -------- d-----w- c:\users\Jeannie Lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
    2011-11-03 22:59 . 2011-11-03 23:07 -------- d-----w- c:\program files\Lexmark 730 Series
    2011-11-03 09:42 . 2011-11-03 09:42 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\Last.fm
    2011-11-03 06:27 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2011-11-03 06:27 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2011-11-03 06:26 . 2011-11-03 23:29 -------- d-----w- c:\program files\ConsoleClassix.com
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-27 21:52 . 2011-11-18 23:54 -------- d-----w- c:\program files\QuickTime
    2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-24 01:32 . 2011-10-24 01:32 -------- d-----w- c:\windows\system32\Adobe
    2011-10-23 21:43 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-20 22:38 . 2011-10-20 22:38 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-10-20 22:38 . 2011-10-20 22:38 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-10-20 22:38 . 2011-10-20 22:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-10-20 22:38 . 2011-10-20 22:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-10-20 22:38 . 2011-10-20 22:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-10-20 22:38 . 2011-10-20 22:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-10-20 22:38 . 2011-10-20 22:38 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-10-20 22:38 . 2011-10-20 22:38 367104 ----a-w- c:\windows\system32\html.iec
    2011-10-20 22:38 . 2011-10-20 22:38 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-10-20 22:38 . 2011-10-20 22:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-10-20 22:38 . 2011-10-20 22:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-10-20 22:38 . 2011-10-20 22:38 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-10-20 22:38 . 2011-10-20 22:38 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-10-20 22:38 . 2011-10-20 22:38 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-10-20 22:38 . 2011-10-20 22:38 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-10-20 22:38 . 2011-10-20 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-20 22:38 . 2011-10-20 22:38 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-10-20 22:38 . 2011-10-20 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-20 22:38 . 2011-10-20 22:38 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-10-20 22:38 . 2011-10-20 22:38 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-10-20 22:38 . 2011-10-20 22:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-10-20 22:36 . 2011-10-20 22:36 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-10-20 22:36 . 2011-10-20 22:36 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-10-20 22:36 . 2011-10-20 22:36 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-10-20 22:36 . 2011-10-20 22:36 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-10-20 22:36 . 2011-10-20 22:36 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-10-20 22:36 . 2011-10-20 22:36 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-10-20 22:36 . 2011-10-20 22:36 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-10-20 22:36 . 2011-10-20 22:36 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-10-20 22:36 . 2011-10-20 22:36 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-10-20 22:36 . 2011-10-20 22:36 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-10-20 22:36 . 2011-10-20 22:36 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-10-20 22:36 . 2011-10-20 22:36 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-10-20 22:36 . 2011-10-20 22:36 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-10-20 22:36 . 2011-10-20 22:36 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-10-20 22:36 . 2011-10-20 22:36 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-10-20 22:35 . 2011-10-20 22:35 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2011-10-20 22:35 . 2011-10-20 22:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-10-20 22:35 . 2011-10-20 22:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-10-20 22:35 . 2011-10-20 22:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-10-20 22:35 . 2011-10-20 22:35 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-10-20 22:35 . 2011-10-20 22:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-10-20 22:35 . 2011-10-20 22:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-10-20 22:35 . 2011-10-20 22:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-10-20 08:16 . 2011-10-18 09:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-20 01:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-10-20 01:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-10-19 08:35 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-10-17 22:13 . 2011-10-17 22:13 0 ---ha-w- c:\users\Jeannie Lavender\AppData\Local\BITF0B.tmp
    2011-10-08 02:29 . 2011-05-03 18:36 0 ----a-w- c:\users\Jeannie Lavender\AppData\Local\Dceloho.bin
    2011-10-07 13:23 . 2011-10-07 13:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 13:21 . 2011-10-04 13:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:30 . 2011-10-20 20:34 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00 . 2011-10-16 07:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-25 16:15 . 2011-10-20 20:32 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-20 20:32 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:14 . 2011-10-20 20:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 13:31 . 2011-10-20 20:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-29 06:53 . 2011-11-19 08:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
    "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
    "lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jeannie Lavender^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\users\Jeannie Lavender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
    2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    "Google Update"="c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "WPCUMI"=c:\windows\system32\WpcUmi.exe
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    R2 inewnetworks;Network Location Awarenes(NLA);c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-09 124240]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-09 120144]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
    R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-07 464384]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-12-10 523264]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-09 107856]
    S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
    S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2009-11-04 282112]
    S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-11-04 51712]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    inetworks REG_MULTI_SZ inewnetworks
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:30]
    .
    2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:30]
    .
    2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822510456-4128253031-764409555-1000Core.job
    - c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:51]
    .
    2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822510456-4128253031-764409555-1000UA.job
    - c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:51]
    .
    2011-11-22 c:\windows\Tasks\User_Feed_Synchronization-{6FC22B2E-2EDB-403E-9883-BED2008ACD31}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-20 22:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Jeannie Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\qo91xb17.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-22 10:27
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-11-22 10:31:13
    ComboFix-quarantined-files.txt 2011-11-22 18:31
    ComboFix2.txt 2011-10-18 06:31
    .
    Pre-Run: 275,624,095,744 bytes free
    Post-Run: 275,599,495,168 bytes free
    .
    - - End Of File - - 5F2C9A5C9CA9234B7DBE297A239ED1A3

  10. #10
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Nice job.

    Please let me know once you have changed the battery.

    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform Quick scan, then click on Scan
    • When done, you will be prompted. Click OK. If items are found, then click on Show Results
    • Check all items then click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply.


    The log can also be found here:

    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.


    Note: MBAM may ask to reboot your computer so it can continue with the removal process; please do so immediately.
    Failure to reboot will prevent MBAM from removing all the malware.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --
