win32.palevo

Hello Samwise

Does the same problem arise when you try to install a different AV?

As a test, see if you are able to download and install Avira:


  1. Security programs

    • Avira AntiVir


In the meantime, I am going to confer with some of my colleagues for a second opinion on what could be causing this issue.

I will get back to you as soon as I can.
 
Avira

Avira immediately detected 'Windows Defender' and asked that it be disabled.
Message was something like this:
"Windows Defender is active and will interfere with the download. Go to Tools, Options, and disable real time protection and use windows defender functions"

I did this and Avira downloaded and is doing its first scan right now.
I do not believe I have ever heard of Windows defender.
 
Avira Scan report

Avira AntiVir Personal
Report file date: Saturday, August 06, 2011 16:14

Scanning for 3337992 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : John
Computer name : SAMIAM-PC

Version information:
BUILD.DAT : 10.0.0.652 31824 Bytes 7/20/2011 16:49:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 7/20/2011 15:30:06
AVSCAN.DLL : 10.0.3.0 46440 Bytes 7/20/2011 15:30:45
LUKE.DLL : 10.0.3.2 104296 Bytes 7/20/2011 15:30:32
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 15:30:38
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 15:30:40
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 15:30:41
VBASE006.VDF : 7.11.10.252 2048 Bytes 7/7/2011 15:30:41
VBASE007.VDF : 7.11.10.253 2048 Bytes 7/7/2011 15:30:41
VBASE008.VDF : 7.11.10.254 2048 Bytes 7/7/2011 15:30:41
VBASE009.VDF : 7.11.10.255 2048 Bytes 7/7/2011 15:30:41
VBASE010.VDF : 7.11.11.0 2048 Bytes 7/7/2011 15:30:41
VBASE011.VDF : 7.11.11.1 2048 Bytes 7/7/2011 15:30:41
VBASE012.VDF : 7.11.11.2 2048 Bytes 7/7/2011 15:30:41
VBASE013.VDF : 7.11.11.75 688128 Bytes 7/12/2011 15:30:41
VBASE014.VDF : 7.11.11.104 978944 Bytes 7/13/2011 15:30:42
VBASE015.VDF : 7.11.11.137 655360 Bytes 7/14/2011 15:30:42
VBASE016.VDF : 7.11.11.184 699392 Bytes 7/18/2011 20:13:58
VBASE017.VDF : 7.11.11.214 414208 Bytes 7/19/2011 20:13:59
VBASE018.VDF : 7.11.11.242 772096 Bytes 7/20/2011 20:13:59
VBASE019.VDF : 7.11.12.3 1291776 Bytes 7/20/2011 20:14:00
VBASE020.VDF : 7.11.12.30 844288 Bytes 7/21/2011 20:14:00
VBASE021.VDF : 7.11.12.67 149504 Bytes 7/24/2011 20:14:01
VBASE022.VDF : 7.11.12.93 195072 Bytes 7/25/2011 20:14:01
VBASE023.VDF : 7.11.12.113 150528 Bytes 7/26/2011 20:14:01
VBASE024.VDF : 7.11.12.152 182784 Bytes 7/28/2011 20:14:01
VBASE025.VDF : 7.11.12.181 117760 Bytes 8/1/2011 20:14:01
VBASE026.VDF : 7.11.12.205 148480 Bytes 8/3/2011 20:14:01
VBASE027.VDF : 7.11.12.229 252928 Bytes 8/5/2011 20:14:01
VBASE028.VDF : 7.11.12.230 2048 Bytes 8/5/2011 20:14:02
VBASE029.VDF : 7.11.12.231 2048 Bytes 8/5/2011 20:14:02
VBASE030.VDF : 7.11.12.232 2048 Bytes 8/5/2011 20:14:02
VBASE031.VDF : 7.11.12.233 2048 Bytes 8/5/2011 20:14:02
Engineversion : 8.2.6.28
AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28
AESCRIPT.DLL : 8.1.3.74 1622393 Bytes 8/6/2011 20:14:04
AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 7/20/2011 15:29:54
AERDL.DLL : 8.1.9.13 639349 Bytes 7/20/2011 15:29:53
AEPACK.DLL : 8.2.9.5 676214 Bytes 7/20/2011 15:29:53
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 8/6/2011 20:14:04
AEHEUR.DLL : 8.1.2.151 3584374 Bytes 8/6/2011 20:14:03
AEHELP.DLL : 8.1.17.7 254327 Bytes 8/6/2011 20:14:02
AEGEN.DLL : 8.1.5.7 401778 Bytes 8/6/2011 20:14:02
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14
AECORE.DLL : 8.1.22.4 196983 Bytes 7/20/2011 15:29:42
AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36
AVPREF.DLL : 10.0.0.0 44904 Bytes 7/20/2011 15:30:04
AVREP.DLL : 10.0.0.8 62209 Bytes 7/20/2011 15:30:04
AVREG.DLL : 10.0.3.2 53096 Bytes 7/20/2011 15:30:04
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 7/20/2011 15:30:06
AVARKT.DLL : 10.0.22.6 231784 Bytes 7/20/2011 15:29:58
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 7/20/2011 15:30:03
SQLITE3.DLL : 3.6.19.0 355688 Bytes 7/20/2011 20:40:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 7/20/2011 15:30:48
RCTEXT.DLL : 10.0.58.0 97128 Bytes 7/20/2011 15:30:48

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, August 06, 2011 16:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'MemeoBackup.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'accuweather.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '1' Module(s) have been scanned
Scan process 'brs.exe' - '1' Module(s) have been scanned
Scan process 'stage_secondary.exe' - '1' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '1' Module(s) have been scanned
Scan process 'ShwiconXP9106.exe' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'stage_primary.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '939' files ).



End of the scan: Saturday, August 06, 2011 16:15
Used time: 00:42 Minute(s)

The scan has been done completely.

0 Scanned directories
1533 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1533 Files not concerned
6 Archives were scanned
0 Warnings
0 Notes
 
Hello Samwise

Phew! I'm glad we finally managed to get an AV installed :)

The Avira scan appears to be clean.

I do not believe I have ever heard of Windows defender
It's a legit application that comes pre-installed with Vista/Win7.

I believe that it can be left running alongside avira (chances are you only had to disable it for the download). It would cause no harm to re-enable it and see how the machine runs - if there are any problems with it engaged you can always disable it again, but it is not malicious.

Are you still having trouble accessing "Status" etc?

An error comes up many times saying Windows cannot find...and it lists a long string of numbers and characters.
Please try to copy the whole error message the next time it appears and post it here please.
 
I agree...

I, too, am glad to have a security program running. However, the other issue persists. Most of the available buttons in the control panel seem to be non-responsive to right or left clicking. It's not until you click on:

Windows Update: Turn automatic updating on or off

that you get this big X in a red circle with this message:

Windows cannot find 
1::{26EE0668-A00A-44D7-9371-BEB064C98683}\5\::}36EEF7DB-88AD-4E81-AD4...\page settings: Make sure you typed the name correctly and then try again

Be advised I was not able to cut and paste the error message so I hope it is accurately transcribed.

Do you think I need to reinstall windows?
 
Hello Samwise

Do you think I need to reinstall windows?
That is always an option but I think it would be a little rash to do so just now.

As your scans are coming back clean, the remaining issue does not appear to be associated with malware, but we can try the following to see if it helps:


  1. System File Checker

    • Click on Start and then on All Programs.
    • Click on Accessories then right click on Command Prompt and select Run as Administrator.
    • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
    • Type the following command, and then press ENTER


    sfc /scannow

    • Let the system file checker run unhindered.
    • Note: The program may (or it may not) ask you for your installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.
    • You may have to exit the scan should you be notified that an installation disk is required and you do not have one.

    Once complete let me know if the problem is resolved.
 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>
 
Hello JonTom

I was trying to post again and got knocked off somehow and the command screen disappeared. Here is what I was saying:

1. I am very sorry I could not respond sooner to your last post.
2. The process ran, as you can see, but I was never asked to insert a CD. For future reference, the software came pre-installed on this Dell 8300 and I am not sure which of the three unopened CDs I should use if prompted (drivers and utilities, drivers and documentation, and reinstallation DVD [which says: Use this only to reinstall the operating system]).
3. I searched and looked in the directory path for the CBS log and at one point got a message "access denied".

Based on what you have said before about your time zone, I suspect you have retired for the night. Hopefully you have time to check this in the morning. Thanks!!!
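
The sfc run above reported corrupt files it could not fix and pointed at CBS.log, which could not be opened in place. The Python below is an added example, not part of the original thread: it reads the `[SR]` entries from a copy of that log and lists which files were repaired and which were not. The sample lines, file names and component names are constructed, and the message wording is assumed to match the entries sfc writes on Windows 7.

```python
"""Summarise System File Checker ([SR]) entries from a CBS.log copy.

Added example. One way to get a readable copy of the log is to run this
from an elevated Command Prompt and point load_log() at the result:
  findstr /c:"[SR]" %windir%\\Logs\\CBS\\CBS.log > "%userprofile%\\Desktop\\sfcdetails.txt"
"""
import re

# Constructed sample shaped like CBS.log lines; names are hypothetical.
SAMPLE_LOG = r'''
2011-08-07 09:12:30, Info                  CBS    Starting TrustedInstaller initialization.
2011-08-07 09:12:31, Info                  CSI    000001a2 [SR] Verifying 100 (0x0000000000000064) components
2011-08-07 09:12:31, Info                  CSI    000001a3 [SR] Beginning Verify and Repair transaction
2011-08-07 09:12:33, Info                  CSI    000001a5 [SR] Cannot repair member file [l:26{13}]"example_a.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2011-08-07 09:12:33, Info                  CSI    000001a7 [SR] This component was referenced by [l:40{20}]"Example-Package~6.1"
2011-08-07 09:12:34, Info                  CSI    000001a9 [SR] Cannot repair member file [l:26{13}]"example_a.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2011-08-07 09:12:34, Info                  CSI    000001ab [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"example_a.dll"; source file in store is also corrupted
2011-08-07 09:12:36, Info                  CSI    000001ad [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"example_b.exe" from store
2011-08-07 09:12:40, Info                  CSI    000001af [SR] Verify complete
'''

# A CSI line carrying the [SR] tag: timestamp, level, source, sequence id, message.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$',
    re.MULTILINE,
)
# Length-prefixed quoted strings, e.g. [l:26{13}]"example_a.dll".
QUOTED = re.compile(r'\[[^\]]*\]"([^"]*)"')
# Component name that follows the file name in "Cannot repair" entries.
COMPONENT = re.compile(r'" of ([^,]+),')


def load_log(path):
    """Read a CBS.log copy, tolerating stray bytes in the file."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return handle.read()


def summarise_sfc(log_text):
    """Return files sfc repaired and files it reported but did not repair.

    The same failure is usually logged more than once, so entries are
    de-duplicated on the lower-cased file name.
    """
    failed = {}    # lower-cased name -> (file name, component or None)
    repaired = {}  # lower-cased name -> file name
    for match in SR_LINE.finditer(log_text):
        msg = match.group("msg")
        names = QUOTED.findall(msg)
        if not names:
            continue  # progress lines such as "Verifying ... components"
        if msg.startswith("Cannot repair member file"):
            comp = COMPONENT.search(msg)
            failed.setdefault(
                names[0].lower(), (names[0], comp.group(1) if comp else None)
            )
        elif msg.startswith("Could not reproject corrupted file"):
            # The directory comes first, the file name last.
            failed.setdefault(names[-1].lower(), (names[-1], None))
        elif msg.startswith("Repairing corrupted file"):
            repaired[names[-1].lower()] = names[-1]
    unrepaired = sorted(
        (entry for key, entry in failed.items() if key not in repaired),
        key=lambda entry: entry[0].lower(),
    )
    return {"unrepaired": unrepaired, "repaired": sorted(repaired.values())}


if __name__ == "__main__":
    result = summarise_sfc(SAMPLE_LOG)
    for name, component in result["unrepaired"]:
        print(f"NOT repaired: {name} (component: {component})")
    for name in result["repaired"]:
        print(f"repaired from store: {name}")
```
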
 
Hello JonTom

I checked control panel as you asked and lo and behold it seems to be working!:thanks:

I did not think anything would have changed since it did not ask for a disc and said there were corrupt files it could not repair.

As I was clicking through the control panel, I clicked a button in Windows update to repair any problems and it stated that it had found and fixed a problem.

The firewall section states that the firewall and virus program are on.
 
Hello Samwise

It may be possible that NoScript was interfering with the MSE download issue you had previously.

I checked control panel as you asked and lo and behold it seems to be working!
Yes!

As everything appears to be running okay now I think we are just about done.

Please feel free to delete SystemLook from your machine as you no longer need it.

Enjoy the rest of your weekend :)

JonTom
 
One more scan...

I noticed Avira said it had not run a full scan. It looks like it found some stuff. Is there anything else I need to turn on or off?

Avira AntiVir Personal
Report file date: Sunday, August 07, 2011 07:58

Scanning for 3337992 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SAMIAM-PC


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, August 07, 2011 07:58

Starting search for hidden objects.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\compatibility flags
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Entry Points\{f5d70db2-0c9b-4a2a-a24e-b06fbe9af19c}\run
[NOTE] The registry entry is invisible.
C:\Users\John\AppData\Local\Temp\{1F4882F7-14DF-46B2-80D5-EF7F28BBFC9D}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\spore.png
C:\Users\John\AppData\Local\Temp\{1F4882F7-14DF-46B2-80D5-EF7F28BBFC9D}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\spore.png
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Media Center\Settings\VideoSettings\recordingkeepuntil
[NOTE] The registry entry is invisible.
c:\windows\system32\wuauclt.exe
c:\windows\system32\wuauclt.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'plugin-container.exe' - '80' Module(s) have been scanned
Scan process 'firefox.exe' - '98' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '66' Module(s) have been scanned
Scan process 'brs.exe' - '22' Module(s) have been scanned
Scan process 'stage_secondary.exe' - '77' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '27' Module(s) have been scanned
Scan process 'ShwiconXP9106.exe' - '32' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '49' Module(s) have been scanned
Scan process 'rundll32.exe' - '49' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '65' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '49' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '67' Module(s) have been scanned
Scan process 'stage_primary.exe' - '88' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '48' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '49' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
Scan process 'vpnagent.exe' - '57' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '30' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '735' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Users\John\Documents\John Salay\Local Settings\Temporary Internet Files\Content.IE5\W9EN4LAB\www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
Begin scan in 'E:\' <HD-WIU2>
E:\John Salay\Local Settings\Temporary Internet Files\Content.IE5\W9EN4LAB\www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
Begin scan in 'F:\' <HD-WIU2>
F:\JOHN-PC\Backup Set 2011-01-26 200110\Backup Files 2011-01-30 234808\Backup files 3.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
--> C/Users/John/Documents/John Salay/Local Settings/Temporary Internet Files/Content.IE5/W9EN4LAB/www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
F:\SAMIAM-PC\Backup Set 2011-01-26 200110\Backup Files 2011-05-01 190000\Backup files 2.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/1/68ac45c1-6efd3d03
[1] Archive type: ZIP
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> pocket/object3.class
[DETECTION] Contains recognition pattern of the JAVA/Formduce.A Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/27/2e841c9b-59da3fd8
[1] Archive type: ZIP
--> gendalf/fire.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AG Java virus
--> mordor/bilbo.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AH Java virus
--> mordor/frodo.class
[DETECTION] Is the TR/Java.Downloader.K.2 Trojan
--> mordor/gorlum.class
[DETECTION] Is the TR/Java.Downloader.K.3 Trojan
--> mordor/saruman.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/57913e23-72b13c65
[1] Archive type: ZIP
--> lort/border.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit
--> lort/object4.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.D exploit
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/75120c44-457728a7
[1] Archive type: ZIP
--> ClassPol.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1184 Java virus
--> padle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1504 Java virus
--> hubert.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4794 Java virus
--> CusBen.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.7976 Java virus
--> Trollllllle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4653 Java virus
--> Clrepor.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1113 Java virus
--> Cload.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.3130 Java virus
--> novell.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.838 Java virus
--> huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.10515 Java virus
F:\SAMIAM-PC\Backup Set 2011-05-08 190000\Backup Files 2011-05-08 190000\Backup files 3.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
--> C/Users/John/Documents/John Salay/Local Settings/Temporary Internet Files/Content.IE5/W9EN4LAB/www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
F:\SAMIAM-PC\Backup Set 2011-05-08 190000\Backup Files 2011-05-08 190000\Backup files 6.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/1/68ac45c1-6efd3d03
[1] Archive type: ZIP
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> pocket/object3.class
[DETECTION] Contains recognition pattern of the JAVA/Formduce.A Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/27/2e841c9b-59da3fd8
[1] Archive type: ZIP
--> gendalf/fire.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AG Java virus
--> mordor/bilbo.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AH Java virus
--> mordor/frodo.class
[DETECTION] Is the TR/Java.Downloader.K.2 Trojan
--> mordor/gorlum.class
[DETECTION] Is the TR/Java.Downloader.K.3 Trojan
--> mordor/saruman.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/57913e23-72b13c65
[1] Archive type: ZIP
--> lort/border.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit
--> lort/object4.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.D exploit
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/75120c44-457728a7
[1] Archive type: ZIP
--> ClassPol.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1184 Java virus
--> padle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1504 Java virus
--> hubert.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4794 Java virus
--> CusBen.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.7976 Java virus
--> Trollllllle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4653 Java virus
--> Clrepor.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1113 Java virus
--> Cload.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.3130 Java virus
--> novell.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.838 Java virus
--> huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.10515 Java virus
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 3.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
--> C/Users/John/Documents/John Salay/Local Settings/Temporary Internet Files/Content.IE5/W9EN4LAB/www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 4.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
--> C/Users/John/AppData/Roaming/dwm.exe
[DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
--> C/Users/John/AppData/Roaming/Microsoft/conhost.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen5 back-door program
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 7.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/1/68ac45c1-6efd3d03
[1] Archive type: ZIP
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> pocket/object3.class
[DETECTION] Contains recognition pattern of the JAVA/Formduce.A Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/27/2e841c9b-59da3fd8
[1] Archive type: ZIP
--> gendalf/fire.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AG Java virus
--> mordor/bilbo.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AH Java virus
--> mordor/frodo.class
[DETECTION] Is the TR/Java.Downloader.K.2 Trojan
--> mordor/gorlum.class
[DETECTION] Is the TR/Java.Downloader.K.3 Trojan
--> mordor/saruman.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/7ab66f1f-2b573dad
[1] Archive type: ZIP
--> rotor/zalux$vrkr.class
[DETECTION] Contains recognition pattern of the JAVA/Premarin.B Java virus
--> rotor/zalux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.DH Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/57913e23-72b13c65
[1] Archive type: ZIP
--> lort/border.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit
--> lort/object4.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.D exploit
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/75120c44-457728a7
[1] Archive type: ZIP
--> ClassPol.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1184 Java virus
--> padle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1504 Java virus
--> hubert.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4794 Java virus
--> CusBen.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.7976 Java virus
--> Trollllllle.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.4653 Java virus
--> Clrepor.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.1113 Java virus
--> Cload.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.3130 Java virus
--> novell.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.838 Java virus
--> huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.10515 Java virus
--> C/Users/John/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/3ec26009-2fdb40ae
[1] Archive type: ZIP
--> rotor/zalux$vrkr.class
[DETECTION] Contains recognition pattern of the JAVA/Premarin.B Java virus
--> rotor/zalux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.DH Java virus

Beginning disinfection:
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 7.zip
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.DH Java virus
[NOTE] The file was moved to the quarantine directory under the name '4b7a3e78.qua'.
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 4.zip
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen5 back-door program
[WARNING] The file was ignored!
F:\SAMIAM-PC\Backup Set 2011-07-17 190000\Backup Files 2011-07-17 190000\Backup files 3.zip
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '53ed11d8.qua'.
F:\SAMIAM-PC\Backup Set 2011-05-08 190000\Backup Files 2011-05-08 190000\Backup files 6.zip
[DETECTION] Contains recognition pattern of the JAVA/Agent.10515 Java virus
[NOTE] The file was moved to the quarantine directory under the name '01b24b31.qua'.
F:\SAMIAM-PC\Backup Set 2011-05-08 190000\Backup Files 2011-05-08 190000\Backup files 3.zip
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '678504c8.qua'.
F:\SAMIAM-PC\Backup Set 2011-01-26 200110\Backup Files 2011-05-01 190000\Backup files 2.zip
[DETECTION] Contains recognition pattern of the JAVA/Agent.10515 Java virus
[NOTE] The file was moved to the quarantine directory under the name '220129e0.qua'.
F:\JOHN-PC\Backup Set 2011-01-26 200110\Backup Files 2011-01-30 234808\Backup files 3.zip
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '5d1a1b88.qua'.
E:\John Salay\Local Settings\Temporary Internet Files\Content.IE5\W9EN4LAB\www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '11b63623.qua'.
C:\Users\John\Documents\John Salay\Local Settings\Temporary Internet Files\Content.IE5\W9EN4LAB\www.safetyhomepage[1]
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '6dae7672.qua'.


End of the scan: Sunday, August 07, 2011 10:01
Used time: 1:59:48 Hour(s)

The scan has been done completely.

64731 Scanned directories
1184978 Files were scanned
80 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1184898 Files not concerned
10580 Archives were scanned
1 Warnings
14 Notes
544839 Objects were scanned with rootkit scan
6 Hidden objects were found
 
Hello Samwise

Allow Avira to quarantine all of those detected items and then follow with ESET:

  1. Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  2. Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

    Post the ESET log and a new DDS log in your next reply. Also, please describe exactly how the machine is running now.
 
Away

Hello JonTom,
I am sorry this has been such a long process and am very grateful for you sticking with me.
I will not have access to my desktop again until next Sunday night at the earliest and will follow your directions at that time. Please do not close the thread.

Thanks again!
 
Hello Samwise

I will leave your thread open :)

"I will not have access to my desktop again until next Sunday night"
I will be offline for 7 days from Saturday 13th and so will be unable to respond to you when you have access to the machine.

I have asked if another helper would be willing to check on this thread in my absence. Once I hear back from them I will let you know.
 
Hello Samwise

Blottedisk has very kindly agreed to check on your thread in my absence (many thanks my friend).

You are in very safe hands.

Best wishes
JonTom
 
Hello Blottedisk, Thank you for helping in JonTom's absence.

I ran Eset last night and it seemed to get stuck on 99% complete, when the computer did an automatic reboot/update. It had found 14 threats that I could see. I ran it again today after some difficulty and it got stuck on 99% complete again with no threats found this time. It was stopped on this file: F:\David S***y\mygames\download microsoft visual studio 2008 professional edition.iso after having scanned 352,343 files in about 90 minutes. There was a list under manage quarantine, but I was not able to cut and paste it nor did I see any other logs as I had to click the stop button since it was stuck.

I have not done much with the computer to see how it is running, but there are error messages coming up when it turns on about unable to find registry files.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by John at 11:47:06 on 2011-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5718 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://myhrweb.tmhs.org/+CSCOL+/relayp.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.tmhs.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{17BFF10D-B5AE-4F7B-B03E-0F9A6F6934D2} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{5E5302EF-B650-45F8-BE1B-58C8ABFB5465} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{9A35D416-AEAE-41A3-820D-44F16FB2DD82} : DhcpNameServer = 192.168.1.1 71.252.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1w28n1wy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-8-6 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-8-6 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-19 13336]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-7-28 25824]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-10 1153368]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-6-17 434864]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/19 20:27:08;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-1-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-1-19 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-13 22:44:35 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86FC9CF9-3ADA-47F7-9D4D-7467E612EFB1}\mpengine.dll
2011-08-07 11:58:29 -------- d-----w- C:\Users\John\AppData\Roaming\Avira
2011-08-07 03:09:04 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-07 03:09:00 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-06 20:13:30 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-08-06 20:13:29 -------- d-----w- C:\ProgramData\Avira
2011-08-06 20:13:29 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-31 15:12:39 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-31 14:36:29 -------- d-----w- C:\Users\John\AppData\Local\Solid State Networks
2011-07-31 13:40:05 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-07-31 13:39:56 -------- d-----w- C:\Users\John\AppData\Local\PackageAware
2011-07-31 13:13:32 -------- d-----w- C:\Program Files (x86)\WOT
2011-07-31 12:18:29 -------- d-----w- C:\Users\John\AppData\Local\{5ABD7BB5-F743-4FB9-8B35-C44D714425FE}
2011-07-30 17:00:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-30 16:51:12 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
2011-07-30 16:51:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 16:51:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 16:50:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-30 16:50:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-29 11:15:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-23 20:54:13 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-07-23 20:54:13 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-07-23 20:52:50 -------- d-----w- C:\Users\John\AppData\Roaming\Sammsoft
2011-07-23 20:52:41 -------- d-----w- C:\Program Files (x86)\ARO 2011
2011-07-23 18:20:39 -------- d-----w- C:\ERUNT
2011-07-19 23:15:12 -------- d-----w- C:\Users\John\AppData\Roaming\Fingertapps
2011-07-19 17:49:27 -------- d-----w- C:\FIND_EULA_PATH
2011-07-18 12:20:37 -------- d-----w- C:\Windows\System32\SPReview
2011-07-18 12:19:26 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M ====================
.
2011-07-31 14:47:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-31 13:55:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-23 20:37:39 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-18 12:26:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-18 12:26:34 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 11:47:40.87 ===============
 
Attach.txt

The other text doc was an old one. I had trouble in IE but was able to find the attach.txt on the notepad after performing the procedure with Mozilla.
 
run as administrator

I realized when I right-clicked on the IE icons and selected "run as administrator" nothing really happened. Instead I opened the file location and tried it and it worked, so I am retrying the ESET scan now.
 