shinglhed

Honorary Members

  • Posts: 32
  • Reputation: 0 Neutral
  • Location: Pennsylvania, USA
  1. I've read the tips for malware prevention. I'm currently running MalwareBytes Pro and Avast Internet Security (paid version). Would you recommend SpywareBlaster as well along with these two programs? Thanks again.
  2. First off...thank you very much for all of the help. Before I uninstall the ESNET Scanner, after it was done scanning there was a message that if I uninstall it the files that were quarantined would no longer be quarantined. Should I be worried about that? Thanks again
  3. OK, finally got Avast reinstalled and ran the computer through the paces to make sure everything is working. All seems to be back to normal and I'm ready for your final instructions.
  4. Everything, for the most part, seems to be ok. A few things are running slow but that could be that I need to do a good cleaning. Two problems - 1) Avast does not load on start up. I've rebooted 3 times, checked msconfig and AvastARM is checked off, but it doesn't load on start up. 2) Evidence Eliminator is gone - if this is just part of the clean up process I can always just reload it, as I've used this utility to help keep my computer "clean" and running well. I'll be off line until about 8:00 AM EST tomorrow. Thank you for all your help.
  5. WOW, was that a long scan! Here are the results -
     C:\Documents and Settings\Customer\Start Menu\My Documents\MISC\fun\farter.exe a variant of Win32/Joke.ScreenMate.AA application cleaned by deleting - quarantined
     C:\Documents and Settings\Customer\Start Menu\My Documents\programs\FoxitReader531.0606_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
     C:\Documents and Settings\Customer\Start Menu\My Documents\programs\WinZip170.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{CE9F27B3-E21A-4C4B-A88B-24A581023893}\RP1223\A0305167.lnk Win32/Reveton.M trojan cleaned by deleting - quarantined
  6. Here is the combofix log
  7. Here are the reports.

     RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : Customer [Admin rights]
     Mode : Scan -- Date : 07/30/2013 11:10:05
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DLL][sUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND
     [HJ DLL][sUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND
     [HJ DLL][sUSP PATH] HKLM\[...]\CS003\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: +++++
     --- User ---
     [MBR] a2bcb2a57f3b18b406c510cc1e2baa00
     [bSP] 119fa0530a051591b7682f4b5a0d7b88 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_07302013_111005.txt >>

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.30.07

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Customer :: CUSTOMER-F3E23B [administrator]

     Protection: Enabled

     7/30/2013 10:48:15 AM
     mbam-log-2013-07-30 (10-48-15).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 237536
     Time elapsed: 7 minute(s), 41 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. Yesterday caught a bug that locked up my computer. Restarted in safe mode, ran a quick scan and deleted it. This morning's flash scan found another and required a restart. This is what the log says it found -

     Files Detected: 1
     C:\Documents and Settings\Customer\Local Settings\Temp\User32.exe (Trojan.Winlock) -> Quarantined and deleted successfully.

     But now everything is running very slow and Avast Anti-Virus keeps trying to tell me to delete mbamswissarmy.sys. Here are the logs from the DDS tool.

     . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer 4500_G510gm_Help 4500G510gm 4500G510gm_Software_Min ACDSee 7.0 Acrobat.com Acronis True Image Home Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.2 Adobe Shockwave Player 11.5 Amazon MP3 Downloader 1.0.10 ArcSoft PhotoImpression 4 avast! Internet Security AVS Audio Converter version 4.1 AVS Audio Editor version 3.5 AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 BufferChm Cisco Connect Destinations DeviceDiscovery DivX Setup dj_sf_software DocMgr DocProc DriverScanner Eudora Evidence Eliminator Fax FloorPlan 3D v8 Forté Agent Foxit Reader GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 HijackThis 2.0.2 Hollywood FX 5.5 Additional Effects Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix
for Windows XP (KB981793) HP Document Manager 2.0 HP Imaging Device Functions 13.0 HP Officejet 4500 G510g-m HP Product Detection HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Update HPProductAssistant HPSSupply Instant Deck Design Intel® Extreme Graphics 2 Driver Intel® PRO Network Connections Drivers Java 7 Update 25 Java Auto Updater LightScribe 1.4.42.1 LiveUpdate Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works 2000 Mozilla Firefox (3.6) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB925673) Napster for Windows Media Player Nero Suite NETGEAR GA311 Gigabit Adapter NETGEAR GA311 Smart Wizard Utility Network NTI DVD-Maker Nuance PDF Create 7 OCR Software by I.R.I.S. 
13.0 OpenOffice.org 3.4.1 PaperPort 8.0 SE Pinnacle Hollywood FX for Studio Pinnacle PCI Performance Enhancer proDAD Heroglyph 1.0 QuickBooks Pro 2007 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Scan Scansoft PDF Create Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security 
Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834904) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for 
Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for 
Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP 
(KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for 
Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) 
Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skype Click to Call Skype™ 5.8 SmartWebPrinting SolutionCenter SoundMAX Spelling Dictionaries Support For Adobe Reader 8 Status Studio 9 Studio 9 Content CD/DVD Studio 9.4 Patch SupportSoft Assisted Service Symbols for FloorPlan v8 Toolbox TrayApp TurboCAD Designer v9.2 Ulead Photo Explorer 8.0 SE Basic UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) 
Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB PC Camera (P Series) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.6195 Visioneer OneTouch 7300 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live OneCare safety scanner Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 Windows Presentation Foundation Windows XP Service Pack 3 WinFax PRO Wondershare DVD Ripper Platinum(Build 3.2.40) WordPerfect Office 12 XML Paper Specification Shared Components Pack 1.0 . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Customer at 10:03:17 on 2013-07-30 . ============== Running Processes ================ . 
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Program Files\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\wfxsnt40.exe C:\Program Files\Visioneer OneTouch\OneTouchMon.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\PROGRA~1\EVIDEN~1\ee.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\system32\WFXSVC.EXE C:\Program Files\Symantec\WinFax\WFXMOD32.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll TB: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Evidence Eliminator] c:\progra~1\eviden~1\ee.exe /m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [Nuance PDF Create 7-reminder] "c:\program files\nuance\pdf create 7\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf create 7\ereg\Ereg.ini"
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgAwADAAUQAzAC0AMABEAFUARwBTAC0AUQBEAFcATQBSAC0AMgBZADQAVgBLAC0AQgBDAEcAUgBFAA"&"inst=NwA2AC0ANQAwADYANgA0ADAANAAxADgALQBWAE8AUAArADMALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAFQAQgA5ACsAMgAtAFAATAArADkA"&"prod=51"&"ver=9.0.872
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\symantec\winfax\WFXSEH32.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\customer\application data\mozilla\firefox\profiles\5iz62msn.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? Diag69xp;Diag69xp
R? LANPkt;Realtek LANPkt Protocol
R? lxdc_device;lxdc_device
R? MovRVDrv32;MovRVDrv32
R? NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver
R? SetupNTGLM7X;SetupNTGLM7X
R? SkypeUpdate;Skype Updater
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswKbd;aswKbd
S? aswMonFlt;aswMonFlt
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? avast! Firewall;avast! Firewall
S? GT680xNT;Visioneer OneTouch 7300 Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? qic157;qic157
S? Skype C2C Service;Skype C2C Service
.
=============== Created Last 30 ================
.
2013-07-16 12:51:29 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-16 12:51:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 18:42:18 6129024 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-07-12 18:42:18 6129024 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-07-16 12:51:05 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-16 12:51:05 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-27 19:50:17 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:50:17 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-12 16:49:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 16:49:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59:09 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59:09 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-09 08:59:08 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 10:04:49.35 ===============
  9. Another update: just to see what would happen, I checked off the "start protection module with windows" and did a re-boot. As expected, it was eating up the memory, but I gave it about 20 minutes and it calmed down. But again, as long as I didn't try to open up any files or other programs. Also, even after that, the taskmgr.exe was fluctuating between 10 and 20% of CPU usage on a constant basis. I ran the logs again just in case. attach.txt CheckResults.txt dds.txt
  10. Well, I did as you suggested but still have the same problem. So I unchecked the "start protection module with windows" and re-booted. After complete boot up I went to programs and started MB's. Initially it was eating up all the memory, but after about 15-20 minutes it finally stopped. Here are the logs from after it stopped eating up the memory but was still open and without the "start protection module with windows" checked. However, if I tried to open anything or start another program, it would happen all over again. Something else odd: I am unable to check off the "enable malicious website blocking". It just won't check off??? attach.txt CheckResults.txt dds.txt
  11. Ok, I am confused. The exclusions were set, and still are in Avast. I know I'm no IT guy but even he's confused on how simply adding more memory could cause these problems. I will try reinstalling and re-setting the exclusions but I'm not holding out much hope at this point. I'll let you know what happens.
  12. Here are the new files. attach.txt CheckResults.txt dds.txt
  13. Ok, here are the logs. Also found out something else, under the protection tab in MB's if I uncheck the button for "start Malwarebytes with windows" then the problem goes away. attach.txt CheckResults.txt dds.txt
  14. Before I start running through the usual process I'd like to know why? What is the relationship between the program and the amount of RAM that could cause this problem? And why should we check for infections? I've run the program for years without so much as a hiccup. I add more RAM and that's when the problem started. Also, I wasn't hooked to the internet when I did this so we can't be talking about an infection slipping in somehow.
  15. I just installed more RAM. Running Windows XP Pro SP3, all updated and optimized. Older computer, so I just installed some more RAM and now whenever MB starts it is using up 90-100% of CPU!? I don't understand what could cause this. I am contemplating uninstalling MB, downloading and installing the latest version. Also, MB just updated the version and database today before I did the memory upgrade; no problem until the new memory was installed.