win32agent/PEB - 2012 Nov

[Stormin1]

Hello, I've run Malware antimalware, eset nod32, and spybot s&d and they all come up with no infections. One time a week or so ago after eset had run it did tell me that I had win32agent/PEB that eset was unable to fix or remove it so here I am. My pc is slow and it takes a long time for things to load up. It is a 7 year old toshiba satellite laptop but it is definitely because of this infection that it runs this slow. I've followed the instructions and hope that you might be able to help me out. Thanks in advance.

DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Alain Normand at 21:12:17 on 2012-11-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.680 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: <No Name>: {A784856E-2934-40F6-BFF8-CCA9B07E2712} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [LtMoh] c:\\program files\\ltmoh\\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350450129234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://my.calgaryhealthregion.ca/redirect/http://mail.calgaryhealthregion.ca/owa/MWScripts/AttachView/1.9/DAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{83FE0DF6-2552-4656-BA5F-BD0DEB2A10E6} : DHCPNameServer = 192.168.1.254 75.153.176.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alain normand\application data\mozilla\firefox\profiles\iq0w8l9n.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 owgyrlt;owgyrlt;c:\documents and settings\alain normand\application data\b02b6.bat [2012-10-23 116]
S3 cpuz134;cpuz134;\??\c:\docume~1\alainn~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\alainn~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-1 21504]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
.
=============== Created Last 30 ================
.
2012-11-01 16:52:30 -------- d-----w- c:\documents and settings\alain normand\application data\PC Antivirus
2012-11-01 16:52:30 -------- d-----w- c:\documents and settings\alain normand\application data\AVPro
2012-11-01 16:52:24 6393144 ----a-w- c:\windows\uninstac.exe
2012-11-01 16:52:22 582992 ----a-w- c:\windows\system32\sbap.dll
2012-11-01 16:52:22 415056 ----a-w- c:\windows\system32\SpursDownload.dll
2012-11-01 16:52:22 308560 ----a-w- c:\windows\system32\vipre.dll
2012-11-01 16:52:22 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-11-01 16:52:21 160768 ----a-w- c:\windows\system32\unrar.dll
2012-11-01 16:52:18 -------- d-----w- c:\program files\PC Antivirus
2012-11-01 16:52:18 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data
2012-11-01 00:55:42 -------- d-----w- C:\ebooks in Caliber
2012-10-31 23:41:43 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Western_Digital
2012-10-31 23:41:02 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Western Digital
2012-10-31 23:40:54 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2012-10-31 21:48:42 -------- d-----w- c:\program files\Western Digital
2012-10-27 04:36:38 -------- d-----w- c:\documents and settings\alain normand\application data\Barnes & Noble
2012-10-27 04:36:32 -------- d-----w- c:\program files\Barnes & Noble
2012-10-23 22:18:24 116 ---h--w- c:\documents and settings\alain normand\application data\b02b6.bat
2012-10-11 02:04:40 -------- d-----w- c:\program files\uTorrent
2012-10-11 02:03:26 -------- d-----w- c:\documents and settings\alain normand\application data\uTorrent
2012-10-10 14:51:02 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Pentax
2012-10-10 14:50:16 -------- d-----w- c:\program files\PENTAX
2012-10-10 14:49:32 -------- d-----w- c:\windows\Downloaded Installations
2012-10-09 15:22:24 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-10-27 04:03:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-27 04:03:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 19:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 19:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 21:12:45.07 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 21:15:52
-----------------------------
21:15:52.437 OS Version: Windows 5.1.2600 Service Pack 3
21:15:52.437 Number of processors: 2 586 0x401
21:15:52.437 ComputerName: YOUR-1A024C0D58 UserName: Alain Normand
21:15:53.328 Initialize success
21:29:08.406 AVAST engine defs: 12110600
21:30:39.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:30:39.906 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD4A Size: 76319MB BusType: 3
21:30:40.265 Disk 0 MBR read successfully
21:30:40.265 Disk 0 MBR scan
21:30:40.296 Disk 0 unknown MBR code
21:30:40.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
21:30:40.312 Disk 0 scanning sectors +156296385
21:30:40.390 Disk 0 scanning C:\WINDOWS\system32\drivers
21:31:06.359 Service scanning
21:31:19.765 Service owgyrlt C:\Documents and Settings\Alain Normand\Application Data\b02b6.bat **INFECTED** BV:Mirias-A [Trj]
21:31:28.515 Modules scanning
21:31:46.015 Disk 0 trace - called modules:
21:31:46.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:31:46.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a239ab8]
21:31:46.046 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a20a2d0]
21:31:46.046 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a226940]
21:31:47.078 AVAST engine scan C:\WINDOWS
21:31:54.656 AVAST engine scan C:\WINDOWS\system32
21:35:23.078 AVAST engine scan C:\WINDOWS\system32\drivers
21:35:51.187 AVAST engine scan C:\Documents and Settings\Alain Normand
21:44:45.468 AVAST engine scan C:\Documents and Settings\All Users
21:45:36.421 Scan finished successfully
21:47:04.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alain Normand\Desktop\MBR.dat"
21:47:04.828 The log file has been saved successfully to "C:\Documents and Settings\Alain Normand\Desktop\aswMBR.txt"


--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-10-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-10-31 Includes\Adware.sbi (*)
2012-10-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2012-09-26 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-10-16 Includes\Hijackers.sbi (*)
2012-09-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-08-28 Includes\Malware.sbi (*)
2012-10-30 Includes\MalwareC.sbi (*)
2012-10-24 Includes\PUPS.sbi (*)
2012-10-30 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-18 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-09-05 Includes\Spyware.sbi (*)
2012-09-04 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-27 Includes\Trojans.sbi (*)
2012-10-31 Includes\TrojansC-02.sbi (*)
2012-10-30 Includes\TrojansC-03.sbi (*)
2012-10-24 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-10-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Hope you can help

 

[JonTom]

Hello Stormin1 and :welcome:

My name is JonTom

• Malware Logs can sometimes take a lot of time to research and interpret.
  
• Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  
• Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  
• PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

Please work your way through the following steps:

1. P2P Programs:
   
   
   • P2P programs are a major source of Malware infections.
   • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
   • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
   • If you wish to keep the program(s), please do not use them until your computer is cleaned.
     
     
   • Information regarding the risk of using these programs can be found from here and here.
     
     
   • It is strongly recommend that you uninstall any P2P programs you have on your system.
     
     
   • To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
   • A list of currently installed programs will be displayed.
   • Find the "µTorrent" program, click on it once and then click on the "Remove" button.
   • If you are prompted to re-boot your computer to complete the uninstall please do so.
     
     
     PLEASE NOTE:
   • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.
   
   
2. Please disable Spybot Teatimer
   
   
   • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
   • On the left hand side, click "Tools", then click on the "Resident" icon in the list.
   • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active" box.
   • Click the "System Startup" icon in the List.
   • Uncheck the "TeaTimer" box and "OK" any prompts.
   • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
   • Exit Spybot S&D when done.
   
   
3. Combofix
   
   
   • Download ComboFix from one of the following locations:
     
     Link 1
     Link 2
   • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
   • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
   • Double click on ComboFix.exe & follow the prompts.
   • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
   • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
   
   
   
   
   
   • Click on Yes, to continue scanning for malware.
   • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
   • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
   • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
   • Should there be issues with internet afterward:
     
     In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
     
     In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
     
   
   Please post the Combofix log in your next reply.

 

[Stormin1]

Tonight is the night

Good morning JonTom. Just a quick note to say that my work schedule has kept me from going through your directions for my laptop. I will be doing it this evening and hope to get resolution soon. My laptop is still painfully slow and thanks for your response.

 

[JonTom]

Hello Stormin1

Thanks for letting me know.

Post when you can

 

[Stormin1]

After using combo fix

Hi JonTom, here is the log as requested.
Just an fyi, as combofix was finishing it's work after rebooting, my eset nod started up. I forgot to disable it. Hope it didn't ruin the results.
PS. do you recommend using Malware antimalware along with eset nod32 and spybot? Thanks.

 

[JonTom]

Hello Stormin1

There is no need to attach any logs, just post them directly into your replies

do you recommend using Malware antimalware along with eset nod32 and spybot?

Do you mean MalwareBytes AntiMalware? If so, yes, they are all good programs.

Lets continue:

1. Please download SystemLook by JPShortstuff
   
   
   • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
   • Double click SystemLook.exe to run the program.
   • Copy the content of the following codebox into the main textfield:
   
   

   :dir
   c:\program files\PC Antivirus /s

   • Click the Look button to start the scan.
   • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
   • Note: The log can also be found on your Desktop entitled SystemLook.txt
   
   Please post the systemlook log in your next reply.

 

[Stormin1]

win32agent/peb instructions

Good morning JonTom, here is the log as requested.

SystemLook 30.07.11 by jpshortstuff
Log created at 09:55 on 12/11/2012 by Alain Normand
Administrator - Elevation successful

========== dir ==========

c:\program files\PC Antivirus - Parameters: "/s"

---Files---
None found.

c:\program files\PC Antivirus\Bases d------ [16:52 01/11/2012]

c:\program files\PC Antivirus\q d------ [16:52 01/11/2012]

-= EOF =-

 

[JonTom]

Hello Stormin1

Thank you for the systemlook log.

1. Please delete the following folders
   
   
   • Right-click your "Start" button and select "Explore".
   • Navigate to and delete the following folders in bold.
   
   
   • c:\documents and settings\Alain Normand\Application Data\PC Antivirus <==== Delete this folder.
     
     c:\program files\PC Antivirus <==== Delete this folder.
   
   Once deleted, please Empty your Recycle Bin.
   
   
2. Temporary File Cleaner
   
   
   • Download TFC to your desktop.
   • Close any open windows.
   • Double click the TFC icon to run the program.
   • TFC will close all open programs itself in order to run.
   • Click the Start button to begin the process.
   • Allow TFC to run uninterrupted.
   • The program should not take long to finish.
   • Once complete it should automatically reboot your machine.
   • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
   • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
   
   
3. MalwareBytes AntiMalware:
   
   
   • I can see that you have MBAM installed.
   • Double click on your MalwareBytes AntiMalware icon to launch the program.
   • Click on the "Update" tab and then on "Check for Updates".
   • The program will now install the latest Malware definition files.
   • Once complete, click on the "Scanner" tab, select "Perform Quick Scan"and then click on "Scan".
   • Once the program has scanned your computer, a log file will be created in Notepad.
   • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
   
   
   • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
   • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
   • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
   • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
   • Come back here to this thread and Paste the log in your next reply.
   
   
4. Please update your Java
   
   
   • Click on "Start", then on "Control Panel".
   • Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find (Java 2 Runtime Environment, SE v1.4.2_05 and Java(TM) 6 Update 7).
   • Reboot your computer.
   • Download the latest version of Java Runtime Environment (JRE) 7
   • Scroll down the page until you reach "Java Platform Standard Edition".
   • Beneath this and to the right, you will see a blue button marked "Download" for Java SE 7u9.
   • Click the "Download" button.
   • Accept the licence agreement.
   • Under "Product / File Description" download the jre-7u9-windows-i586.exe file for Windows x86 Offline.
   • Save the file to your desktop.
   • From your desktop double click on jre-7u9-windows-i586.exe to install the newest version.
   • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.
   
   
5. BitDefender
   
   
   • Lets perform an online scan with BitDefender QuickScan.
   • We recommend that you disable any real time protection that you have before starting the scan.
   • Click here here to access the BitDefender QuickScan page
   • For Firefox users:
   • Click on the Free Scan Now button.
   • You will be prompted to install a plug-in. Please Allow the installation.
   • If the process stalls you may need to refresh the page.
   • A Software Installation window will appear.
   • Click on Install Now and the plugin will be installed as an Add-on.
   • Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
   • For Internet Explorer users:
   • Click on the Free Scan Now button.
   • You will be prompted to install an ActiveX control. Please allow the control to install.
   • The page will refresh. Click on the Free Scan Now button again and proceed accordingly.
   
   
   • When scan has completed, click on View report and a Notepad log will open.
   • If ant malware has been detected, you will receive a warning and the link to the report will be displayed as the number of infections. Click on it.
   • Post the contents of this report in your next reply.
   • The reports can also be found by navigating to C:\Documents and Settings\<username>\Application Data\QuickScan, (where "<username>" is the Windows log-in name).
   
   Please post the MBAM log and the Bitdefender log in your next reply and let me know how the machine is running now.

 

[Stormin1]

Newest directions

Hello JonTom,

I cannot find this particular file:
c:\documents and settings\Alain Normand\Application Data\PC Antivirus <==== Delete this folder. (it's the Application Data that does not show up)

I have found this file:

c:\program files\PC Antivirus <==== Delete this folder.

and have deleted it as instructed. I haven't proceeded with any other instructions in case I need to get rid of the first one you've told me to get rid of. Sorry for the delay...

 

[JonTom]

Hello Stormin1

Sorry for the delay...

There is no need to apologise

Lets try this:

1. Please make all files and folders Visible:
   
   
   • Click "Start" Go to My Computer-> Tools-> Folder Options-> View tab:
   • Choose to "Show hidden files and folders".
   • Uncheck the "Hide protected operating system files" and the "Hide extensions for known file types" boxes.
   • Close the window with "OK".
   
   Once you have completed the steps above see if you are able to navigate to and delete the folder, then continue with the scans

 

[Stormin1]

Java

Good morning JonTom,
I'm unable to remove this file, windows installer tells me it's being used?

C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}\

 

[JonTom]

Hello Stormin1

I'm unable to remove this file, windows installer tells me it's being used?

C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}\

I am a little confused here. The path you provide leads to a folder, not a file, but its not the same path I provided you with previously.

After you have made sure that all files and folders are visible (post number 10), navigate to the following folder, right click on it and select delete.

===
c:\documents and settings\Alain Normand\Application Data\PC Antivirus
===

If the folder is not there or if you receive the same message again, don't worry, just continue with TFC, MBAM, java and Bitdefender (as described in post number 8).


Let me know how you get on and post the required logs in your next reply.

 

[Stormin1]

Uninstall java

Good morning JonTom,
That last folder that I sent you is the "use source" that won't allow me to uninstall "Java 2 Runtime Environment, SE v1.4.2_05.msi" That is why I've sent it to you to see how I might uninstall it or can I simply download the Java you have suggested. Again sorry for this delay.
Windows Installer is telling me that " the feature you are trying to use is on a network resource that is unavailable."
It tells me to click OK to try again (tried that, no results) or enter an alternate path to a folder containing the installation package "Java 2 Runtime Environment, SE v1.4.2_05.msi" in the box in the window of Windows Installer.
Use source: C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}\
Again hope you can walk me through this and I appreciate all the help so far.

 

[JonTom]

Hello Stormin1

I see what you mean now. Thanks for the clarification.

I'm not sure why you are being thrown that message.

Please download the new Java and install it, then proceed with the rest of the scans. Once we have the logs we'll take things from there

 

[Stormin1]

mbam

Hello JonTom,
Here is the mbam report:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alain Normand :: YOUR-1A024C0D58 [administrator]

11/15/2012 5:42:04 AM
mbam-log-2012-11-15 (05-42-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218320
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the bitdefender report:


QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Fri Nov 16 10:50:37 2012
Machine ID: AF508D53



No infection found.
-------------------



Processes
---------
Agere SoftModem Messaging Applet 2280 C:\WINDOWS\agrsmmsg.exe
ATI Desktop Component 2312 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ati2evxx.exe 864 C:\WINDOWS\system32\ati2evxx.exe
Bonjour 1524 C:\Program Files\Bonjour\mDNSResponder.exe
CD Burning of Windows XP disabling tool 2476 C:\WINDOWS\system32\RAMASST.exe
Drive Letter Access Component 2264 C:\WINDOWS\system32\dla\tfswctrl.exe
ESET Smart Security 2372 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
ESET Smart Security 1572 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
Firefox 3488 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 3136 C:\Program Files\Mozilla Firefox\plugin-container.exe
HP PML 1660 C:\WINDOWS\system32\HPZipm12.exe
iTunes 2640 C:\Program Files\iPod\bin\iPodService.exe
iTunes 2360 C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE 7 U9 1624 C:\Program Files\Java\jre7\bin\jqs.exe
Java(TM) Platform SE Auto Updater 2 0 2412 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LtMoh Application 2272 C:\Program Files\ltmoh\ltmoh.exe
Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 4092 C:\WINDOWS\system32\wscntfy.exe
Microsoft® Windows® Operating System 2892 C:\WINDOWS\system32\wuauclt.exe
MobileDeviceService 1508 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Service of RAMAsst for Windows XP 1556 C:\WINDOWS\system32\DVDRAMSV.exe
TPTray Application 2256 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
WD File Management Engine 1792 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
WD Shadow Copy Service 1928 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
WDDMStatus.exe 2496 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDDriveManager.exe 1756 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1604 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 2424 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 692 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1476 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1116 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1700 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 636 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 66.235.142.20
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 74.125.225.37
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 66.235.142.20
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 74.125.225.1
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 74.125.225.96
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 69.192.95.139
Process ekrn.exe (1572) connected on port 80 (HTTP) --> 74.125.225.96

Process svchost.exe (944) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Agere SoftModem Messaging Applet C:\WINDOWS\agrsmmsg.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
CD Burning of Windows XP disabling tool C:\WINDOWS\system32\RAMASST.exe
Drive Letter Access Component C:\WINDOWS\system32\dla\tfswctrl.exe
ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
HP Digital Imaging C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LtMoh Application C:\\Program Files\\ltmoh\\Ltmoh.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\sstext3d.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
TPTray Application C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Bitdefender QuickScan C:\Documents and Settings\Alain Normand\Application Data\Mozilla\Firefox\Profiles\iq0w8l9n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Drive Letter Access Component c:\windows\system32\dla\tfswshx.dll
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Java Deployment Toolkit 7.0.90.5 C:\WINDOWS\system32\npDeployJava1.dll
Java(TM) Platform SE 7 U9 c:\program files\java\jre7\bin\jp2ssv.dll
Java(TM) Platform SE 7 U9 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
Java(TM) Platform SE 7 U9 c:\program files\java\jre7\bin\ssv.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_11_4_402_287.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
Picasa C:\Program Files\Picasa2\npPicasa3.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: cae4adee7be5c6ad35c84d10a866977e C:\\Program Files\\ltmoh\\Ltmoh.exe
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Documents and Settings\Alain Normand\Application Data\Mozilla\Firefox\Profiles\iq0w8l9n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: d27ce4eaf23411589a33e0c99d176311 C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
MD5: 84cbd6f6aa7ee399fbdc265b8ea64474 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exe
MD5: df505e4a419f032009e17e6a74b86039 C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
MD5: 3f8da5eaa621c348876ef54ba244f77b C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll
MD5: 024f4f23ccee31a9994109d7a41ab78f C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MD5: 10c324a636b83815f8cd3116d9cd46a1 C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU
MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: db5bea73edaf19ac68b2c0fad0f92b1a C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 6cd44651413ce8f6f8a66760b027d23c c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: ba0ed7aa3c36a8da27ded1d6b3508158 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: 280d33db8697fdef8ccf2b9eef9ea5cb C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: b63e5c7807334a3a8f731062f15462cc C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 60c079cb2150760263d1fe5ff6218961 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
MD5: 82cc8f77e9ec61c6b4d48dd4d5ca78e7 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: ba02f01be7ed88e8974c798acb3075f5 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MD5: af54247f97ccf3539de7505c09972ff9 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 5f3347eba403ee64780980a5baf10304 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 09b7e7cd6f202247b3cf2306108589c2 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: fd86c605fd7ad4a41c01ec7a4a1e1c5d C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: a3609397ef273b03295dbb10274be12c C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 18301b40411b2108076ab685b4e4b6dc C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 32d78dcabfb942275e01363d5232c77d C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MD5: df1c1cd0c7ee95cc00d71e9e415e7bcd C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
MD5: c28fd3b37b6f18751c99e6022a2a9782 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: d339d7f6e52aecca9c0898cb547b2902 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
MD5: a56ccbbfccedce2fd9c69fed24e035e3 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: a5299d04ed225d64cf07a568a3e1bf8c C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 4e4edf9ca82e95bab2977dd9f21b00f6 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
MD5: ab781c0e4c09e08f464081d17c0f6184 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MD5: 0e1b02c9cc352a1f61703b7d1a8a2c45 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
MD5: 12916e0642e92561c98b18a2a2d01b14 C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 227afe768022f70e1826007ecc9bb459 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
MD5: a585da3ba4333fc1295179c89807a01c C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
MD5: d1918283625138158dcc9831486f508d C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
MD5: 92e2a41f8bed55e8372043b1396a9920 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
MD5: 3a2a36cd998eea27f1c5c8c0455ca137 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
MD5: 25bde67b09d6d196bc9b27e6145c6abd C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
MD5: 703afa465fff5f64bf8c551478311827 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
MD5: 6a7ca5387d27d5dd8dd898133c41bd4d C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
MD5: 34d47133aae0e0140982a0d1092f0aeb C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
MD5: 55057fbc9ca026cda3bc68bba1605b90 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
MD5: 1a10d443dc5eb825f51e3ed3a2f14d38 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
MD5: a91cbeef533dbef6403c1fdc3532f3a4 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
MD5: 022770f3421858b6f20e8763a8d05f30 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
MD5: a7d02feebbe452b4f5a349ad41e5ee94 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
MD5: 7230630312e7e5964cd777b6babcab76 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
MD5: 0d4d7fc35c18ad2d8cc4fd2a3035de08 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
MD5: dab274f151caceb9f1ae58751a28a117 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
MD5: 686b224b4987c22b153fbb545fee9657 C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL
MD5: daeb7696e01fae51196820ff6bbd4363 C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
MD5: c39790ba091f3f9ec7dfe5c2e4598df0 C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: bc0ea61246f8d940fbc5f652d337d6bd C:\Program Files\iPod\bin\iPodService.exe
MD5: fc509eaac8cfa34a961bb84147d66076 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
MD5: 240dbc4b5e382ca2f63a2562062e9a08 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
MD5: 7b845bfe314509d08ab5865cb141e332 C:\Program Files\iTunes\iTunesHelper.dll
MD5: 4affdcaadcb1dbbffaf06c7f82e7f6fc C:\Program Files\iTunes\iTunesHelper.exe
MD5: 9dee004269dadee715bd572410aa6076 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: a7146c0c90d7ba0f251ac073e655d4d2 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: c1680c34de8a405c8829ab93236576fd C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
MD5: eb47e405a9222ca595e5e763b4156529 c:\program files\java\jre7\bin\jp2ssv.dll
MD5: b591e761161d1ef547d76ef236eaa6a5 C:\Program Files\Java\jre7\bin\jqs.exe
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Java\jre7\bin\MSVCR100.dll
MD5: c04fcb7eebeb5097b30468828f20fb9e C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
MD5: a7a6954e500715117b64b414ab81cb44 c:\program files\java\jre7\bin\ssv.dll
MD5: cae4adee7be5c6ad35c84d10a866977e C:\Program Files\ltmoh\ltmoh.exe
MD5: 31266c908b046c89b3e5a83adf455030 C:\Program Files\ltmoh\MOHAPI.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 9013599b12923a45c029c34e8d2211ac c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
MD5: 4069a06436494c4de12f65477bb92ebe C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: e60e9d5f229cb8da347d48add6e8dc47 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 340a842b7c5d21e08bfcbb7f9b58139d C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: b9a5a116229ff8e1d5994f6793eb6a6e C:\Program Files\Mozilla Firefox\gkmedias.dll
MD5: 7ef5d4b34137d053b9f4f843ae796802 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: be852d6ad0a67ee9dd28c6f95e5896e1 C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: cc726292a4fdec2857688ca3c32a510d C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: f9cf7ed9f44176962d182b80ae0c66d4 C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: cebc736458c1f79c23b1bbc5493db4c2 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: e1fbacb92fe471c684546dd9336afef6 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: f3b8464a02e793fd46bcf6f8f6da878d C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: a062f4f9f2e2a89f7c0ed75be5ab8d3f C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: d8474b89fd26b18eed414a42ae5175ac C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: a38276867df9ecfac4bae167ba34772d C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 74e3fd55c2bcfedcecc80121e93ffec5 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: b204707e5f48e90427da6874e72345f9 C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 94fb1d160021fe9f54c84ff587273868 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 7f1d7cfabb351d8f46a0b94d5787fcf3 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: 5914766c39b2d62ce67e2509f78216ab C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 7f89683200960ffae7c6f7f99360949c C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 819fa5f084b3174cf702320ce58aa7e6 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 8be15f71de6ff33fc56dcde7b2b9efe8 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 54bc55d3d9bd33a6ce38f811cf836794 C:\Program Files\Picasa2\npPicasa3.dll
MD5: 916a2c4eb028604783fd5ea169236c1d C:\Program Files\QuickTime\qttask.exe
MD5: 114d0136ba91f0f4a8ed4de140312a10 C:\Program Files\TOSHIBA\TouchPad\KeybdHook.dll
MD5: 98046adfa5ef9c3fa746bf6090154e78 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
MD5: 7b37f8ec25c9ad853e8126c1d0992201 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
MD5: 7b37f8ec25c9ad853e8126c1d0992201 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll
MD5: 9892e0d72eedf3da1cdcfdac318d556c C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MD5: b5966f1dff6e20576f3c8c2d93d129fd C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MD5: 80caecd939497a17bd8ceedd94691b40 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFMEIPC.dll
MD5: 80caecd939497a17bd8ceedd94691b40 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFMEIPC.dll
MD5: 92f0088ca18bb08bb596ef2608256f8a C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MD5: 315c344ea1ec71ae6db4bb4567d912ef C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll
MD5: bf847a3972cc6b5ce26e0ea742dd52d9 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
MD5: f415c0541cd53c453e61e2d7375caf8f C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
MD5: c4edb78883828e664650022c67ff95f2 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WdNetworkDiscovery.DLL
MD5: 32f801e868bd2006911d49128cdd6312 C:\WINDOWS\agrsmmsg.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 16f96c1496cbd0965285ab19a9271d02 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MD5: f054572a92573ca32d5f3aa8c15d2bac C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 7e50d25f9a5bc75f22ca7aeb52176ca2 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MD5: 7a4d7b91bc815ed33e63122ca7078fd0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MD5: 2508aefaf8eb5d452b34d359762c5c93 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0049820f680f609298f91b15f455a86d\System.Configuration.Install.ni.dll
MD5: 878f6183cef9bef0019fe03ee10ad269 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MD5: 026d16c9a846648048bcf67c012438a1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MD5: dbca711619f8a5de5d49f6efb49089ed C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MD5: aca57ba96a51229cc4574fde502d03dd C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll
MD5: a37d4bbfe500c31c4a8b6456c8dab1c0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MD5: 7dd59b0ff41ea39d320ffcd825d61b4f C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MD5: 003c54d4a636580143fa73b61ced7e84 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MD5: 89be7f1e47ade757e0460027ec5cd998 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MD5: c2b9b86d3037ad3902058939954d6109 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MD5: daee914abcf0081aaf23689e4a8c27dd C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
MD5: b560a085eed4d5d72b039929f9ae4991 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: fb53a700132d9a97d1e10e9f80bd6174 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 35a936c7c029a5b705d3ffd40518d660 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 174c7ee63011017ca12e31ced195581d C:\WINDOWS\system32\ati2evxx.exe
MD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows\system32\browser.dll
MD5: 36ab90be95e97d48dc372e4a7d5dc1c7 C:\WINDOWS\system32\CeTPPolicy.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\COMCTL32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 6bee5d4eff0a0341bcc4a462d81ccfc1 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: aa0507f0516a4dff1b1279ab4a2abb37 C:\WINDOWS\system32\DINPUT8.dll
MD5: e269d9fedfc0f56a247cad1a63796520 C:\WINDOWS\system32\dla\tfsnboio.sys
MD5: 3c1e664efe8a77a39bd6c75d5a528f71 C:\WINDOWS\system32\dla\tfsncofs.sys
MD5: d31218ff783e87796ff6fc08947b7b1a C:\WINDOWS\system32\dla\tfsndrct.sys
MD5: 2c6bb69577142532ca2d500eb9f13d33 C:\WINDOWS\system32\dla\tfsndres.sys
MD5: e426978f51af4a6a35570eced8d1e1f3 C:\WINDOWS\system32\dla\tfsnifs.sys
MD5: 38c8e56fa7e82c977507c1fdcbf3a294 C:\WINDOWS\system32\dla\tfsnopio.sys
MD5: ae9e9bf9bde115d1b343a2e520450b4e C:\WINDOWS\system32\dla\tfsnpool.sys
MD5: 1cd2d88dd844d77e7b3da0cef4108ea1 C:\WINDOWS\system32\dla\tfsnudf.sys
MD5: d992c38ec8e99729c02179932d16a700 C:\WINDOWS\system32\dla\tfsnudfa.sys
MD5: 61eee1de8b39724b6f2c9bfda28a2d04 C:\WINDOWS\system32\dla\tfswcres.dll
MD5: 8ab4b5550e98376387a350992284d6e2 C:\WINDOWS\system32\dla\tfswctrl.exe
MD5: ac45c92abef8c7f5281bb74233613b0f c:\windows\system32\dla\tfswshx.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 C:\WINDOWS\System32\dnsrslvr.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 052343cd49c8da20c48958cfe73c7d44 C:\WINDOWS\system32\DRIVERS\AGRSM.sys
MD5: fbbcb95f677cbaa924140b6ea2d9a97b C:\WINDOWS\system32\drivers\ALCXSENS.SYS
MD5: 4dd2c10fc6434fedcb7c71fbdc1f107a C:\WINDOWS\system32\drivers\ALCXWDM.SYS
MD5: 466708ae500e11cfa56483ee7fb9ad11 C:\WINDOWS\system32\DRIVERS\ar5211.sys
MD5: 4938ad74de9088f70922fabf86912eee C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: 10d5fb74ee18ea49c30daaa203c0e0ec C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
MD5: 19f07389ade563b46e99626fd675070d C:\WINDOWS\system32\drivers\drvmcdb.sys
MD5: 0ffe2f06e9103a4fbd5e6418ca044d1c C:\WINDOWS\system32\drivers\drvnddm.sys
MD5: 4094e23a8dcd947f8f0f762d0630f4ac C:\WINDOWS\system32\DRIVERS\eamon.sys
MD5: 0fc7f6be889a747b1d0edfe4c58e487b C:\WINDOWS\system32\DRIVERS\ehdrv.sys
MD5: 200da4f1964c11b3c19a07f937394624 C:\WINDOWS\system32\drivers\emAudio.sys
MD5: 5118ea8a2f55fa4d4295516500b78229 C:\WINDOWS\system32\DRIVERS\emDevice.sys
MD5: 6f87e4706f59463b74bc4fad0f67338f C:\WINDOWS\system32\DRIVERS\emFilter.sys
MD5: 6428a1ce5abe3e71a97dfdda0a19546f C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
MD5: f5a633609777c212ec5ff19927fc5955 C:\WINDOWS\system32\DRIVERS\emScan.sys
MD5: 5d8d0d9b78fb21bfb3f2ca97d41ea4ca C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
MD5: 772127b385dec14b13325d9efcc0ac14 C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
MD5: 472ea4e9734147f8ada93c4ab944b958 C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
MD5: 185ada973b5020655cee342059a86cbb C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
MD5: 9f1d80908658eb7f1bf70809e0b51470 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: f7e3e9d50f9cd3de28085a8fdaa0a1c3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: cf1b7951b4ec8d13f3c93b74bb2b461b C:\WINDOWS\system32\DRIVERS\HPZius12.sys
MD5: aca5e7b54409f9cb5eed97ed0c81120e C:\WINDOWS\system32\DRIVERS\irda.sys
MD5: b280c4608ac389da9515a35ac4cab0fd C:\WINDOWS\system32\drivers\libusb0.sys
MD5: a3e700d78eec390f1208098cdca5c6b6 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
MD5: 766a1d242f4390ddf1243084898a20c9 C:\WINDOWS\System32\Drivers\meiudf.sys
MD5: c0f8e0c2c3c0437cf37c6781896dc3ec C:\WINDOWS\system32\DRIVERS\MPE.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 444f122e68db44c0589227781f3c8b3f C:\WINDOWS\system32\drivers\pfc.sys
MD5: f7bb4e7a7c02ab4a2672937e124e306e C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: 29f9879a1fd386f7251ae9fdadb2cbf1 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
MD5: a9573045baa16eab9b1085205b82f1ed C:\WINDOWS\system32\DRIVERS\serscan.sys
MD5: 707647a1aa0edb6cbef61b0c75c28ed3 C:\WINDOWS\system32\DRIVERS\smcirda.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 7c0c9bdca2d351ff3b4f9b69f99aa995 C:\WINDOWS\system32\drivers\sscdbhk5.sys
MD5: 31726706d54894d5059f7471111a87bb C:\WINDOWS\system32\drivers\ssrtln.sys
MD5: 1f26d86828039c0b594399f7f2ffef09 C:\WINDOWS\system32\Drivers\Tbiosdrv.sys
MD5: cbc0be9758bace83fc9ac25f4cca20e7 C:\WINDOWS\System32\Drivers\TPIoMngr.sys
MD5: 73b41f4ead65f355962168d766af0f2e C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: 77c4901986fc7a83e853b300e80d234b C:\WINDOWS\system32\DVDRAMSV.exe
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll
MD5: eb53460ce1aaa176e573b2a65027290f C:\WINDOWS\system32\HPDiscoPM5412.dll
MD5: 059d29ce8f93c0fa0e3da4e04db7033d C:\WINDOWS\system32\hpinksts5412LM.dll
MD5: fecf7a0cf46b3a8b6644c6b1a939916a C:\WINDOWS\system32\HPScanMiniDrv_OJ6500_E710nz.dll
MD5: 36247c6d5e1fe03a56ee81bb99d7e68c C:\WINDOWS\system32\hptcpmib.dll
MD5: e0b83adfb16d794a0d207fe119d03182 C:\WINDOWS\system32\HpTcpMon.dll
MD5: 5cc3838902a9257b79bd43f56d8b7275 C:\WINDOWS\system32\HPTcpMUI.dll
MD5: 2d091a99624fb9e7eef0a86d872ec0c3 C:\WINDOWS\system32\HPZipm12.exe
MD5: 16fc2c309998c6d55c182652d6a1c5b1 C:\WINDOWS\system32\hpzjrd01.dll
MD5: 52417880ac75ac4b7f4e5c3b54ca6621 C:\WINDOWS\system32\hpzlnt12.dll
MD5: d573deb87cb2df4e5116d2a4e284eab4 C:\WINDOWS\system32\ieframe.dll
MD5: 0579cc3b95edd1ce664a35e016f3dd58 C:\WINDOWS\system32\iertutil.dll
MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll
MD5: 49cc4533ce897cb2e93c1e84a818fde5 c:\windows\system32\irmon.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS\system32\localspl.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: e7bc792810ec02dd1f7ed25d830e9324 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll
MD5: 8c22083ed515dc94d575438662f0be6a c:\windows\system32\msi.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS\system32\msxml3.dll
MD5: bbdfdbead1b7a1cfd44bfffd177fb627 C:\WINDOWS\system32\mucltui.dll
MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\NETAPI32.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: 2c82d753ef779945977c82a3908da20a C:\WINDOWS\system32\npDeployJava1.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: 7c86a098d2a2e5d0cc8ec60f90637e9e C:\WINDOWS\system32\RAMASST.exe
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll
MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: d66709f79d595dd378c995c3347349c1 C:\WINDOWS\system32\sstext3d.scr
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll
MD5: 38692f24a78d3ba3f437a6d1e3bc7c12 C:\WINDOWS\system32\tfswapi.dll
MD5: 9371862d37e8f0af21e4dea95e867c39 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\System32\WINHTTP.dll
MD5: ff1c14bca1a797ce45dd359fa2c9eda8 C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: 52778fce46e510b60f513b8882a65cd6 C:\WINDOWS\System32\wshirda.dll
MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll
MD5: 2e0b0a051ffaa86e358465bb0880d453 C:\WINDOWS\system32\wuauclt.exe
MD5: c31dd4cec06d2908ae5f212a0b13805b C:\WINDOWS\system32\wuaucpl.cpl
MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll
MD5: c88c65df1ed4dfd34cfbd11cdfe519a3 C:\WINDOWS\system32\wucltui.dll
MD5: bdc0c99e472176c8c2c853a68adc5073 C:\WINDOWS\system32\wups2.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: d34a527493f39af4491b3e909dc697ca C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.97 KB recvd
Scanned 649 files and modules - 174 seconds

==============================================================================

As for how my machine is running, I can't say that it is as slow as it was before. I will let you know how it is doing in a day or so or when you reply to this post. Thanks again...

 

[Stormin1]

Windows Update

Hi JonTom,
I've run a windows update today and it won't update this one:

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)

Any suggestions?

 

[JonTom]

Hello Stormin1

Thank you for the logs.

MBAM looks good and BitDefender looks good too

Any suggestions?

Lets see what the following can tell us:

1. Farbar Service Scanner
   
   
   • Please download Farbar Service Scanner from here and run it on your machine.
     
   • Make sure the following options are checked:
   
   
   • Internet Services
     Windows Firewallsfc
     System Restore
     Security Center
     Windows Update
   
   
   • Press "Scan".
   • It will create a log (FSS.txt) in the same directory the tool is run.
   • Please copy and paste the log to your reply.

Please post the FSS log and a new set of DDS logs for me to review in your next reply.

 

[Stormin1]

Last instructions

Hello JonTom,

Farbar Service Scanner Version: 09-11-2012
Ran by Alain Normand (administrator) on 17-11-2012 at 08:53:28
Running from "C:\Documents and Settings\Alain Normand\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
epfwtdir(31) Gpc(7) IPSec(5) irda(3) NetBT(6) PSched(8) Tcpip(4)
0x1F0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000E0000000C0000000D0000000F000000100000001100000012000000130000001400000015000000160000001700000018000000190000001A0000001B0000001C0000001D0000001E0000001F000000
IpSec Tag value is correct.

**** End of log ****

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Alain Normand at 12:53:25 on 2012-11-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.809 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [LtMoh] c:\\program files\\ltmoh\\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBC} - <orphaned>
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350450129234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://my.calgaryhealthregion.ca/redirect/http://mail.calgaryhealthregion.ca/owa/MWScripts/AttachView/1.9/DAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{83FE0DF6-2552-4656-BA5F-BD0DEB2A10E6} : DHCPNameServer = 192.168.1.254 75.153.176.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alain normand\application data\mozilla\firefox\profiles\iq0w8l9n.default\
FF - plugin: c:\documents and settings\alain normand\application data\mozilla\firefox\profiles\iq0w8l9n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-16 10:49; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\alain normand\application data\mozilla\firefox\profiles\iq0w8l9n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
S3 cpuz134;cpuz134;\??\c:\docume~1\alainn~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\alainn~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-1 21504]
.
=============== Created Last 30 ================
.
2012-11-16 17:50:34 -------- d-----w- c:\documents and settings\alain normand\application data\QuickScan
2012-11-16 17:47:10 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Sun
2012-11-16 17:38:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-16 17:38:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-16 17:38:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-16 17:38:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-16 07:00:42 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\PCHealth
2012-11-14 13:06:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 13:06:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-10 05:02:49 -------- d-sha-r- C:\cmdcons
2012-11-10 05:01:42 98816 ----a-w- c:\windows\sed.exe
2012-11-10 05:01:42 256000 ----a-w- c:\windows\PEV.exe
2012-11-10 05:01:42 208896 ----a-w- c:\windows\MBR.exe
2012-11-01 16:52:30 -------- d-----w- c:\documents and settings\alain normand\application data\AVPro
2012-11-01 16:52:24 6393144 ----a-w- c:\windows\uninstac.exe
2012-11-01 16:52:22 582992 ----a-w- c:\windows\system32\sbap.dll
2012-11-01 16:52:22 415056 ----a-w- c:\windows\system32\SpursDownload.dll
2012-11-01 16:52:22 308560 ----a-w- c:\windows\system32\vipre.dll
2012-11-01 16:52:22 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-11-01 16:52:21 160768 ----a-w- c:\windows\system32\unrar.dll
2012-11-01 16:52:18 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data
2012-11-01 00:55:42 -------- d-----w- C:\ebooks in Caliber
2012-10-31 23:41:43 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Western_Digital
2012-10-31 23:41:02 -------- d-----w- c:\documents and settings\alain normand\local settings\application data\Western Digital
2012-10-31 23:40:54 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2012-10-31 21:48:42 -------- d-----w- c:\program files\Western Digital
2012-10-27 04:36:38 -------- d-----w- c:\documents and settings\alain normand\application data\Barnes & Noble
2012-10-27 04:36:32 -------- d-----w- c:\program files\Barnes & Noble
.
==================== Find3M ====================
.
2012-10-27 04:03:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-27 04:03:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ------w- c:\windows\system32\win32k.sys
2012-10-09 15:22:25 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04:21 58368 ------w- c:\windows\system32\synceng.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 19:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 19:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:54:37.01 ===============

Can't say that the pc is much faster. It seems it takes longer to boot up and load the programs than before.

 

[JonTom]

Hello Stormin1

Thank you for the log.


MBAM and Bitdefender have not detected any remaining malware on your machine and your latest DDS scan appears to be clean.

Can't say that the pc is much faster

System speed is not always related to malware issues. You presently have about 0.8GB of free RAM available on your machine. Whilst this is not critically low you would certainly notice a drop in system performance if you were running any applications that draw heavily on system resources.

The following may help with your update problems and system speed issues:

1. Dial-a-Fix
   
   
   • Please download Dial-a-Fix from here and save it to your desktop.
   • Double click to run it.
   • Check the WU/WUAU box (Fix Windows Update) then click the GO button.
   • Allow that to complete then reboot.
   • Try Windows Update again.
   
   
2. Defragment your hard drive
   
   
   • Download and run Auslogics Disc Defragmenter.
   • You can find it here: http://forums.whatthetech.com/redir...uslogics.com/en/software/disk-defrag/download
   
   
3. StartupLight
   
   
   • You may wish to try StartupLite. Simply download this tool to your desktop and run it.
   • It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup.
   • This will result in fewer programs running when you boot your system, and should improve performance.
   • You can find it here: http://www.malwarebytes.org/startuplite.php
   
   
   More information can be found in the link below:
   
   http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112
   
   Give the steps above a try and let me know how you get on in your next reply.

 

[Stormin1]

Rebooted after dial a fix

Hi JonTom,

After running dial a fix, windows update could still not install:

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)

So I'm just wondering if there is anything I can do yet to get windows to install all of its updates? Thanks for all your help.