
Thread: rebooting and blue screening

  #11 (Junior Member, joined Aug 2010, 27 posts)

    Still having issues. Responses embedded in quote:

    Quote Originally Posted by torreattack View Post

    1. Download one of the antivirus from the link below, but don't install it yet.

    Done: avast!

    2. Uninstall Microsoft Security Essentials.

    Done

    3. Install the new Antivirus that you just downloaded. Try to use it for a while, see whether you Blue Screen problem solved.

    Done. BSOD again within the hour

    4. I saw you added a lot of military websites to your trusted zone. Does this computer have anything to do with a Government/Military network?

    Personal PC at home

    5. Please upload the minidump file and paste the link to me.

    http://www.sendspace.com/file/frnot8
    Thank you,
    Fred

  #12 (Senior Member, Malaysia, joined Jun 2012, 121 posts)

    Hi fscali:

    Outdated drivers can and do cause conflicts, memory corruption and BSODs. Update the driver through the link provided or uninstall the software it is associated with.

    Try to update this software: Conexant D850 56K V.9x DFVc Modem
    ==>http://www.conexant.com/support/
    ==>http://www.conexant.com/support/md_winxpinfo.html

    If updating the software also fails to solve the problem, try uninstalling it.
    ==> Conexant D850 56K V.9x DFVc Modem

    Please observe for a while, then let me know about it.
    If the system still crashes, give me the latest minidump file as well.

    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  #13 (Junior Member, joined Aug 2010, 27 posts)

    Conexant doesn't supply drivers for retail consumer devices, so I went to Dell to check for hardware driver updates. It told me I was up to date, so I disabled the modem in the Device Manager. The computer is still rebooting itself but without the BSOD, so I don't have any minidumps to send. I notice it reboots anytime I start to fiddle with Dell's PC Checkup utility. This is getting frustrating.

  #14 (Senior Member, Malaysia, joined Jun 2012, 121 posts)

    Hi fscali:

    Please use ERUNT to create another backup before continuing.

    I notice it reboots anytime I start to fiddle with Dell's PC Checkup utility.
    1. Do you mean that if you do not run Dell's PC Checkup utility, the computer does not reboot or get a BSOD?
    Have you tried re-installing the Dell Support program?
    According to your log, this file is missing: C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys; this might be the reason the Dell program fails to load.
    2. Remove Programs
    • Click Start > Control Panel > Add/Remove Programs
    • Remove these programs by clicking Remove:

      Conexant D850 56K V.9x DFVc Modem (let's temporarily remove it)
      Adobe Reader 8.3.1
      Spelling Dictionaries Support For Adobe Reader 8

    Take extra care in answering questions posed by any Uninstaller.
    3. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the code box title "Quote"

    :OTL
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
    DRV - (WDICA) -- File not found
    DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
    DRV - (VPROEVENTMONITOR) -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (Normandy) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
    DRV - (Changer) -- File not found
    DRV - (bvrp_pci) -- File not found
    IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes,DefaultScope = {65344CC3-9C2F-4FFC-ADC4-21D561672820}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{51430913-DF4E-485C-8157-9F3EDFBA213E}: "URL" = http://cnet.search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{EE24694B-2AD6-4978-B4C2-EAE98D3F765B}: "URL" = http://www.shopzilla.com/buy/superfind.xpml?search_box=1&sfsk=0&cat_id=1&keyword={searchTerms}
    O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
    O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-t...0&n=2011101415 File not found
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: aa.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ancestry.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: army.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: citimortgage.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dau.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: disa.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dsw.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: google.com ([mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: keysenergy.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: mymonthlycycles.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: navyfcu.org ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: noaa.gov ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: osd.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: paypal.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([owa.jiatfs] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ugov.gov ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: usmc.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range78 ([*] in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range79 ([http] in Trusted sites)
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    [2009/10/30 20:15:32 | 000,008,349 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\oneriot.xml
    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
    O34 - HKLM BootExecute: (lsdelete)

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\winav.exe" =-

    :Files
    C:\WINDOWS\system32\winav.exe
    ipconfig /flushdns /c

    :Commands
    [EmptyTemp]
    [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of report in your next reply.

    Note: the OTL fix log is located at c:\_OTL\MovedFiles with the name format MMDDYYYY_HHMMSS.log.

    4. re-scan with OTL
    Please make sure OTL is on your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of ONLY OTL.txt in your next reply.
    5. Checklist
    Please post:
    • Answer about Dell Support Program and Reboot problem.
    • OTL fix log
    • OTL.txt only
    • An update on your problems

    Note: these logs can be lengthy; please post in several replies if needed. Please ensure you post the COMPLETE log.

    Thanks,
    torreattack
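The fix script in the post above is assembled by reading each OTL scan line and deciding what it is: an entry whose target file or CLSID no longer exists, a search scope pointing at an unwanted search provider, or an addition to the IE Trusted sites zone. The Python script below is an added example, not part of this thread and not OTL's own code: it performs that triage on constructed sample lines in OTL's format and emits the :OTL section of a fix; the list of unwanted search hosts is an assumption of the example.

```python
"""Triage OTL scan lines into the buckets a malware-removal helper works from.

Added example for this thread; it is not part of the thread and not OTL's
own code. It recognises the line formats visible in the fix above
(DRV/SRV service entries, IE SearchScopes, O4 Run keys, O15 Trusted
Domains, O3/O21 CLSID entries) and sorts them into: entries whose target
no longer exists, search scopes pointing at an unwanted search provider,
and additions to the IE Trusted sites zone. It then emits the :OTL section
of a fix script from what it flagged.
"""
import re
from urllib.parse import urlparse

# Hosts treated as unwanted search providers. Constructed for this example;
# search.mywebsearch.com is the one that appears in the thread's fix.
UNWANTED_SEARCH_HOSTS = {"search.mywebsearch.com"}

# OTL appends these when the referenced file or COM class is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

SEARCHSCOPE_RE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (\S+)')
TRUSTED_RE = re.compile(
    r"Trusted Domains: (\S+) \(\[(.*?)\]\s*(\S+) in Trusted sites\)"
)


def classify(line):
    """Return (bucket, detail) for one OTL line, or None if nothing to flag."""
    line = line.strip()
    if not line:
        return None
    m = SEARCHSCOPE_RE.search(line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        # Only provider hosts on the unwanted list are flagged; a user's own
        # legitimate search scope is left alone.
        return ("search_hijack", host) if host in UNWANTED_SEARCH_HOSTS else None
    m = TRUSTED_RE.search(line)
    if m:
        domain, subdomain, scheme = m.groups()
        # "[]*" means every scheme on every host under the domain, the widest
        # Trusted-zone grant IE allows; "[www] https" is a single site.
        return ("trusted_zone", (domain, subdomain == "" and scheme == "*"))
    if line.rstrip(".").endswith(ORPHAN_MARKERS):
        # Detail is the OTL section code: DRV, SRV, O4, O21, ...
        return ("orphan", line.split(" - ", 1)[0])
    return None


def triage(lines):
    """Group flagged lines by bucket, keeping the raw line for the fix script."""
    buckets = {"orphan": [], "search_hijack": [], "trusted_zone": []}
    for line in lines:
        result = classify(line)
        if result is not None:
            bucket, detail = result
            buckets[bucket].append((detail, line.strip()))
    return buckets


def build_otl_fix(buckets):
    """Emit the :OTL section: OTL removes each listed entry verbatim."""
    body = [raw for bucket in ("orphan", "search_hijack", "trusted_zone")
            for _, raw in buckets[bucket]]
    return "\n".join([":OTL"] + body)


# Constructed sample lines in the format of the thread's OTL fix.
SAMPLE_OTL_LINES = [
    r"DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found",
    r"DRV - (Changer) -- File not found",
    r"DRV - (mbam) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)",
    r'IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}',
    r'IE - HKU\S-1-5-21-1\..\SearchScopes\{51430913-DF4E-485C-8157-9F3EDFBA213E}: "URL" = http://cnet.search.com/search?q={searchTerms}',
    r"O4 - HKLM..\Run: [] File not found",
    r"O15 - HKU\S-1-5-21-1\..Trusted Domains: army.mil ([]* in Trusted sites)",
    r"O15 - HKU\S-1-5-21-1\..Trusted Domains: paypal.com ([www] https in Trusted sites)",
    r"O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.",
]

if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for bucket, items in found.items():
        print(f"{bucket}: {[d for d, _ in items]}")
    print(build_otl_fix(found))
```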

  #15 (Junior Member, joined Aug 2010, 27 posts)

    torreattack,
    embedded responses below.
    thank you,
    Fred

    Quote Originally Posted by torreattack View Post
    Hi fscali:

    Please use ERUNT to create another backup before continuing.

    Done


    1. Do you mean that if you do not run Dell's PC Checkup utility, the computer does not reboot or get a BSOD?
    Have you tried re-installing the Dell Support program?
    According to your log, this file is missing: C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys; this might be the reason the Dell program fails to load.

    PC Checkup is not the only way to force an unwanted reboot. It also happens when I try to select the "Space" screen saver. I would assume there may be many triggers for the reboots. All of the previous reboots happened at random times before I ever looked at the PC Checkup. Many times it would occur when I was not even sitting at the computer.

    2. Remove Programs
    • Click Start > Control Panel > Add/Remove Programs
    • Remove these programs by clicking Remove:

      Conexant D850 56K V.9x DFVc Modem (let's temporarily remove it)
      Adobe Reader 8.3.1
      Spelling Dictionaries Support For Adobe Reader 8

    Take extra care in answering questions posed by any Uninstaller.

    I removed all three, but the modem reinstalls itself every time a reboot happens. Also, there were no questions asked by any Uninstaller.

    3. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the code box title "Quote"

    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of report in your next reply.

    Note: the OTL fix log is located at c:\_OTL\MovedFiles with the name format MMDDYYYY_HHMMSS.log.

    I cannot get past this step. OTL causes the machine to hang. I disabled all anti-malware/anti-virus software prior to running OTL, but it just hangs at "Killing processes". I let it run/sit for over half an hour just to make sure. The only way to get out of it was to physically turn the machine off with the On/Off button.

  #16 (Senior Member, Malaysia, joined Jun 2012, 121 posts)

    Hi fscali:

    Let's try with another tool.

    Step 1: ComboFix
    Please download ComboFix.exe (copyrighted to sUBs). Save it to your desktop. <<--- IMPORTANT!!
    Alternate download sites: Mirror #2

    If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

    This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers".
    Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!


    The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    1. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    2. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
    3. Press Yes to the Disclaimer prompt.
      ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    4. If not already installed... Press Yes to the "Install Recovery Console" prompt.
    5. Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
      ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
      ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    6. Please copy/paste the contents of log.txt... in your next reply.
    Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.
    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **


    I still think the outdated modem driver conflicts with your Windows. However, the BSOD or reboot may also be caused by a hardware problem. Since I am not trained for that issue, I can only give my "best shot".
    If the problem still occurs after we clean the computer, I will have to forward you to another expert who can deal with hardware problems.

    Sorry.
    torreattack

  #17 (Junior Member, joined Aug 2010, 27 posts)

    ComboFix log below.
    Thank you

    ComboFix 12-07-11.02 - fred 07/11/2012 7:26.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1297 [GMT -4:00]
    Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
    c:\documents and settings\fred\Recent\Thumbs.db
    c:\documents and settings\fred\WINDOWS
    c:\program files\Internet Explorer\SET295.tmp
    c:\program files\Internet Explorer\SET29A.tmp
    c:\program files\Internet Explorer\SET352.tmp
    c:\windows\system32\SET254.tmp
    c:\windows\system32\SET25A.tmp
    c:\windows\system32\SET2B0.tmp
    c:\windows\system32\SET2B1.tmp
    c:\windows\system32\SET2B2.tmp
    c:\windows\system32\SET2B3.tmp
    c:\windows\system32\SET2B4.tmp
    c:\windows\system32\SET2B5.tmp
    c:\windows\system32\SET2B6.tmp
    c:\windows\system32\SET2B7.tmp
    c:\windows\system32\SET2BB.tmp
    c:\windows\system32\SET2BC.tmp
    c:\windows\system32\SET2BD.tmp
    c:\windows\system32\SET2BE.tmp
    c:\windows\system32\SET2BF.tmp
    c:\windows\system32\SET2C3.tmp
    c:\windows\system32\SET2C5.tmp
    c:\windows\system32\SET2C7.tmp
    c:\windows\system32\SET2C8.tmp
    c:\windows\system32\SET2CA.tmp
    c:\windows\system32\SET2CC.tmp
    c:\windows\system32\SET2CD.tmp
    c:\windows\system32\SET2CF.tmp
    c:\windows\system32\SET2D2.tmp
    c:\windows\system32\SET2D3.tmp
    c:\windows\system32\SET2D6.tmp
    c:\windows\system32\SET2D7.tmp
    c:\windows\system32\SET2D8.tmp
    c:\windows\system32\SET2D9.tmp
    c:\windows\system32\SET2DA.tmp
    c:\windows\system32\SET2DE.tmp
    c:\windows\system32\SET2DF.tmp
    c:\windows\system32\SET2E0.tmp
    c:\windows\system32\SET2E2.tmp
    c:\windows\system32\SET2E3.tmp
    c:\windows\system32\SET2E4.tmp
    c:\windows\system32\SET343.tmp
    c:\windows\system32\SET344.tmp
    c:\windows\system32\SET347.tmp
    c:\windows\system32\SET348.tmp
    c:\windows\system32\SET349.tmp
    c:\windows\system32\SET34A.tmp
    c:\windows\system32\SET34C.tmp
    c:\windows\system32\SET34D.tmp
    c:\windows\system32\SET34E.tmp
    c:\windows\system32\SET384.tmp
    c:\windows\system32\SET385.tmp
    c:\windows\system32\SET386.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
    2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\windows\LastGood
    2012-07-10 23:09 . 2012-07-10 23:09 -------- d-----w- C:\_OTL
    2012-07-08 20:48 . 2012-07-08 20:48 -------- d-----w- c:\documents and settings\fred\Application Data\Malwarebytes
    2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-08 20:47 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
    2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
    2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
    2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
    2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2012-07-01 16:17 . 2012-07-01 16:19 -------- d-----w- C:\807a7ddf9bce4563aa
    2012-07-01 16:10 . 2012-07-01 16:10 -------- d-----w- C:\38d79553ca62da422c
    2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
    2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
    2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-13 22:20 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 23:29 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-29 23:29 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
    "VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
    R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/8/2012 4:47 PM 654408]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/8/2012 4:47 PM 22344]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
    S3 Normandy;Normandy SR2; [x]
    S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
    S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
    S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MDMXSDK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:29]
    .
    2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-07-11 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
    .
    2012-07-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-11 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
    .
    2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
    .
    2012-06-19 c:\windows\Tasks\scali incremental.job
    - c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
    .
    2012-07-11 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: aa.com
    Trusted Zone: ancestry.com\www
    Trusted Zone: army.mil
    Trusted Zone: citimortgage.com\www
    Trusted Zone: dau.mil
    Trusted Zone: disa.mil
    Trusted Zone: dsw.com\www
    Trusted Zone: google.com\mail
    Trusted Zone: keysenergy.com\www
    Trusted Zone: mymonthlycycles.com\www
    Trusted Zone: navyfcu.org
    Trusted Zone: noaa.gov
    Trusted Zone: osd.mil
    Trusted Zone: paypal.com\www
    Trusted Zone: southcom.mil
    Trusted Zone: southcom.mil\owa.jiatfs
    Trusted Zone: ugov.gov
    Trusted Zone: usmc.mil
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-RunOnce-SWHelper - c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-11 07:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(880)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    Completion time: 2012-07-11 07:45:21
    ComboFix-quarantined-files.txt 2012-07-11 11:45
    .
    Pre-Run: 43,080,146,944 bytes free
    Post-Run: 44,293,406,720 bytes free
    .
    - - End Of File - - AA6DF3A105052B774CFB84E00C895140
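A mechanical way to read a log like the one above, as an added example that is not part of this thread or of ComboFix: a small Python triage script that walks the "Reg Loading Points" lines for the items a malware-removal helper checks first (Windows Firewall state, globally open ports, services/drivers whose image file ComboFix printed as [?] or [x], more than one antivirus registered with Security Center, the IE Trusted Zone list). The sample lines are excerpted from the two ComboFix logs in this thread and trimmed; the EnableFirewall line appears only in the second log, taken while the firewall was deliberately disabled for the ComboFix run. The reading of [?]/[x] as "image file not readable", the severity labels and the regular expressions are this example's assumptions, not ComboFix documentation.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread; not part of the original posts or of ComboFix.
Walks the log once and reports the entries a malware-removal helper checks
first: Windows Firewall state, globally open ports, services/drivers whose
image file ComboFix could not read ([?] / [x]), more than one antivirus
registered with Security Center, and the IE Trusted Zone list.
"""
import re
from typing import Dict, List

# Sample input, excerpted from the two ComboFix logs posted in this thread and
# trimmed; the EnableFirewall line comes from the second log, taken while the
# firewall was deliberately disabled for the ComboFix run.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Normandy;Normandy SR2; [x]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
Trusted Zone: army.mil
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil\owa.jiatfs
"""

# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
# "port:proto"= port:proto:scope:Enabled|Disabled:description
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')
# "Name"= 0 (0x0)  -- the DWORD values ComboFix prints under the firewall policy keys
DWORD_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')


def finding(severity: str, item: str, why: str) -> Dict[str, str]:
    return {"severity": severity, "item": item, "why": why}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings in log order: firewall and service issues as they are
    met, then the aggregate AV and Trusted Zone observations."""
    findings: List[Dict[str, str]] = []
    av_products: List[str] = []
    trusted: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV: "):
            # "AV: <product> *state* {guid}" -> keep the product name only
            av_products.append(line[4:].split(" *", 1)[0])
            continue
        if line.startswith("Trusted Zone: "):
            trusted.append(line[len("Trusted Zone: "):])
            continue
        m = DWORD_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name == "EnableFirewall" and value == 0:
                findings.append(finding("high", name,
                    "Windows Firewall is off for the standard profile"))
            elif name == "AllowInboundEchoRequest" and value == 1:
                findings.append(finding("low", name,
                    "host answers ICMP echo requests (ping) from any source"))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            port, proto, scope, state, label = m.groups()
            if state == "Enabled":  # disabled exceptions are inert; report only open ones
                findings.append(finding("medium", f"{port}/{proto}",
                    f"inbound exception open to scope '{scope}': {label}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, rest = m.groups()
            if rest.rstrip().endswith(("[?]", "[x]")):
                # Interpretation used here: [?]/[x] in place of date+size means ComboFix
                # could not read the image file -> orphaned or hidden entry worth a look.
                status = "running" if state == "R" else "stopped"
                findings.append(finding("medium", name,
                    f"{status} entry (start type {start}) with unreadable image: {rest.strip()}"))
    if len(av_products) > 1:
        findings.append(finding("medium", "AV",
            "more than one antivirus registered with Security Center: " + ", ".join(av_products)))
    if trusted:
        findings.append(finding("info", "Trusted Zone",
            f"{len(trusted)} site(s) get the relaxed Trusted-sites IE settings: " + ", ".join(trusted)))
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['severity']:>6}] {hit['item']}: {hit['why']}")
```

Run it against a whole ComboFix log by passing the file contents to `triage()`; the Run-key and Startup-folder lines are left alone on purpose, since every entry there is an autostart and the interesting question (is the binary legitimate?) cannot be answered from the log text alone. Disabled firewall exceptions, such as the three listed above, are deliberately not reported: they are inert until something flips them to Enabled.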

  8. #18
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi fscali:

    I saw you are installing and running some tools like avast! and Malwarebytes Anti-Malware without my knowledge. Please stop doing that, because it may complicate the situation.

    1. Multiple Antivirus Programs
    You are running more than one antivirus program:
    Microsoft Security Essentials
    avast! Antivirus
    Running more than one antivirus program is not recommended because:
    1. They can conflict with each other.
    2. They can report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of the computer's resources while actively scanning your computer.
    4. They can cause your computer to run slowly, become unstable and crash.
    I strongly suggest you uninstall one of them. Which one is your decision.
    However, personally, I would recommend uninstalling Microsoft Security Essentials.

    2. ComboFix - CFScript
    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!

    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    1. Please open Notepad and copy/paste all the text below... into the window:
      Code:
      ClearJavaCache::
      
      KillAll::
      
      DDS::
      mURLSearchHooks: H - No File
      S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
      S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
      S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
      2011-10-14 19:02:31 161720 ----a-w- c:\program files\2pres.dll
    2. Save it to your desktop as CFScript.txt
    3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    5. Please copy/paste the contents of log.txt... in your next reply.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **

    3. Download HijackThis
    Download HiJackThis from here
    NOTE: Please uninstall the older version of HiJackThis first.
    • Save HJTInstall.exe to your desktop
    • Double click on the HJTInstall.exe icon on your desktop
    • By default it will install to C:\Program Files\Trend Micro\HijackThis
    • Click on Install
    • It will create a HiJackThis icon on the desktop
    • Once installed, it will launch HiJackThis
    • Click I Agree and click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
    • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log
    • Come back here to this thread and paste the log in your next reply

    DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

    4. Please give me an update of your problem.

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  9. #19
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    Sorry for the delay. Things got a little busy. Many Thanks. Responses below:

    Quote Originally Posted by torreattack View Post
    Hi fscali:

    1. Multiple Antivirus Programs

    avast! is now the only A/V program. The CF log still makes reference to MSSE, but that has been uninstalled along with Malwarebytes.

    2. ComboFix - CFScript

    LOG:

    ComboFix 12-07-13.03 - fred 07/14/2012 6:08.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1490 [GMT -4:00]
    Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\fred\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
    c:\windows\system32\drivers\etc\hosts.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-14 10:03 . 2012-07-14 10:03 -------- d-----w- c:\program files\Trend Micro
    2012-07-12 22:22 . 2012-07-12 22:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
    2012-07-08 20:48 . 2012-07-08 20:48 -------- d-----w- c:\documents and settings\fred\Application Data\Malwarebytes
    2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
    2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
    2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
    2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
    2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
    2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
    2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 23:28 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-11 23:28 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-11_11.39.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-14 10:18 . 2012-07-14 10:18 16384 c:\windows\temp\Perflib_Perfdata_500.dat
    + 2012-07-13 05:21 . 2012-07-13 05:21 22016 c:\windows\Installer\172bc29.msi
    + 2012-07-11 23:28 . 2012-07-11 23:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
    + 2012-07-11 22:28 . 2012-07-11 22:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    + 2012-07-11 22:28 . 2012-07-11 22:28 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
    + 2012-04-06 18:40 . 2012-07-11 23:28 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-06 18:40 . 2012-06-29 23:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-07-11 23:28 . 2012-07-11 23:28 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
    "VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
    R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/12/2012 6:22 PM 40776]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
    S3 Normandy;Normandy SR2; [x]
    S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
    S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 2:51 PM 21744]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
    S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
    S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:28]
    .
    2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-07-14 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
    .
    2012-07-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
    .
    2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-14 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
    .
    2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
    .
    2012-06-19 c:\windows\Tasks\scali incremental.job
    - c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
    .
    2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: aa.com
    Trusted Zone: ancestry.com\www
    Trusted Zone: army.mil
    Trusted Zone: citimortgage.com\www
    Trusted Zone: dau.mil
    Trusted Zone: disa.mil
    Trusted Zone: dsw.com\www
    Trusted Zone: google.com\mail
    Trusted Zone: keysenergy.com\www
    Trusted Zone: mymonthlycycles.com\www
    Trusted Zone: navyfcu.org
    Trusted Zone: noaa.gov
    Trusted Zone: osd.mil
    Trusted Zone: paypal.com\www
    Trusted Zone: southcom.mil
    Trusted Zone: southcom.mil\owa.jiatfs
    Trusted Zone: ugov.gov
    Trusted Zone: usmc.mil
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-14 06:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(884)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    - - - - - - - > 'explorer.exe'(3604)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-14 06:25:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-14 10:25
    ComboFix2.txt 2012-07-11 11:45
    .
    Pre-Run: 43,900,420,096 bytes free
    Post-Run: 43,827,171,328 bytes free
    .
    - - End Of File - - 0527534473632328EE0EA1C627ADFDDE


    3. Download HijackThis

    LOG:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:36:37 AM, on 7/14/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Olympus\ib\olycamdetect.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
    O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
    O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
    O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.aa.com
    O15 - Trusted Zone: http://www.ancestry.com
    O15 - Trusted Zone: *.army.mil
    O15 - Trusted Zone: *.dau.mil
    O15 - Trusted Zone: *.disa.mil
    O15 - Trusted Zone: http://www.dsw.com
    O15 - Trusted Zone: http://www.keysenergy.com
    O15 - Trusted Zone: http://www.mymonthlycycles.com
    O15 - Trusted Zone: *.navyfcu.org
    O15 - Trusted Zone: *.noaa.gov
    O15 - Trusted Zone: *.osd.mil
    O15 - Trusted Zone: *.southcom.mil
    O15 - Trusted Zone: *.ugov.gov
    O15 - Trusted Zone: *.usmc.mil
    O15 - Trusted IP range: 192.168.0.254
    O15 - Trusted IP range: http://192.168.1.1
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} -
    O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} (SyncXfer Class) - http://www.syncmyride.com/Own/Module...plets/sync.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_4.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6770.cab
    O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubles.../Ode/pcd86.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1341157801052
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.0.32/activex/AMC.cab
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.fujifilm.net/upload/FujifilmUploadClient.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    O23 - Service: ActivClient Auto-Update Service (acautoupdate) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 15533 bytes

  10. #20
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi fscali:

    Avast is now the only a/v program. The CF log still makes reference to MSSE but that has been uninstalled along w/ malwarebytes.
    Do you mean you already uninstalled MSE and MBAM but the logs are still showing them?

    Please give me an update of your problem.

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
