
MBAM freezing on Nlsdata000*.dlls moves around.



Been working on this system for a week. Finally got a boot scan to complete, also some boot AV scans completed, but I have not got a scan to complete in safe or reg modes in MBAM or an antivirus program. They stop on different nlsdata000*.dlls. Have to hard boot to get out.

Help


Thanks for the follow-up. System had "windows Vista Recovery" installed. I think I removed all the changes. Did boot scans for anti-virus, finally got a couple to run, but they were first stopping on the nlsdata000*.dlls. Tried to run anti-virus scans in Windows but they all would freeze the system. AVG, MS Security, KIS, Avast, Coranti to name a few. All would freeze up. Avast boot scans would always freeze but it finally ran clean. Ran Malwarebytes Anti-Malware on quick and full, never completed. In these scans they did find different infections. Not any of them real bad. Almost all of the scans would stop on the \Windows\system32\nlsdata0009.dll file, but they have stopped on 0, 10, f, 9, a, c, d, networkmap.dll and probably a few I have missed.

I would always do a complete uninstall and clean after trying each new anti-virus or malware program. That is, they were all installed on the system clean of any protection programs. I did find a non-standard MBR and replaced it.

Now I have gotten the Avira scanner to do a complete scan, which came back with no infections. However, MBAM will not complete a scan in quick or full, stopping on a .dll. I can boot and go to the individual file and select to scan it for mal or virus and "9" will freeze the system, then reboot and rescan just that file and it will be clean. Try to scan additional files and one will freeze the system. Reboot and try "9" again and it will freeze the system on the next boot.

There is little to no help with the .dll files on the internet; what there is is 80% trying to reinfect you!

Thanks again for the help.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_26

Run by Ken at 21:18:20 on 2011-07-15

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1600 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Coranti\Coranti 2010\Services\crndbtools.exe

C:\Program Files\Coranti\Coranti 2010\Services\crnscheduler32.exe

C:\Program Files\Coranti\Coranti 2010\Services\crnsysp32.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Coranti\Coranti 2010\CorantiControlCenter32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wuauclt.exe

C:\Windows\SoftwareDistribution\Download\Install\Prereqtool.exe

C:\0436ca8ee64be3fcb5584c8350\spclite.exe

C:\Windows\System32\wsqmcons.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\mcbuilder.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Coranti] "c:\program files\coranti\coranti 2010\CrnLoader.exe"

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\coranti\coranti 2010\services\crnlsp32.dll

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EA382873-D0BB-4356-AE22-77950303B6B0} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\dz1c9mne.default\

FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 crncache;Coranti Cache Driver;c:\windows\system32\drivers\crncache32.sys [2011-7-14 15160]

R0 crncore;crncore;c:\windows\system32\drivers\crncore.sys [2011-7-14 44344]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-11 64512]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-5 16184]

R1 crnsyspdrv;crnsyspdrv;c:\windows\system32\drivers\crnsysp.sys [2011-7-14 54584]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-11 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-11 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-11 66616]

R2 crndbtools;Coranti Data Base Tools;c:\program files\coranti\coranti 2010\services\crndbtools.exe [2011-2-15 291128]

R2 crnscheduler;Coranti Scheduler;c:\program files\coranti\coranti 2010\services\crnscheduler32.exe [2011-2-15 201016]

R2 crnsyspsrv;Coranti System Protection Service;c:\program files\coranti\coranti 2010\services\crnsysp32.exe [2011-2-15 1487160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2151640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-11 366640]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-11 22712]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-12 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

.

=============== Created Last 30 ================

.

2011-07-16 02:15:59 -------- d-----w- c:\users\ken\appdata\local\ElevatedDiagnostics

2011-07-16 02:14:15 -------- d-----w- C:\0436ca8ee64be3fcb5584c8350

2011-07-15 03:36:22 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-07-15 03:36:22 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2011-07-15 03:18:25 72704 ----a-w- c:\windows\system32\admparse.dll

2011-07-15 00:39:25 54584 ----a-w- c:\windows\system32\drivers\crnsysp.sys

2011-07-15 00:39:25 15160 ----a-w- c:\windows\system32\drivers\crncache32.sys

2011-07-15 00:39:23 -------- d-----w- c:\programdata\Coranti

2011-07-15 00:39:20 44344 ----a-w- c:\windows\system32\drivers\crncore.sys

2011-07-15 00:38:26 -------- d-----w- c:\program files\Coranti

2011-07-15 00:37:17 -------- d-----w- c:\program files\common files\Coranti

2011-07-15 00:10:26 -------- d-----w- c:\program files\FixCleaner

2011-07-15 00:09:55 -------- d-----w- c:\program files\Downloaded Installers

2011-07-14 21:18:23 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 21:18:20 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-14 21:18:20 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-11 22:31:29 -------- d-----w- c:\users\ken\appdata\roaming\Avira

2011-07-11 22:25:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-11 22:25:38 -------- d-----w- c:\programdata\Avira

2011-07-11 22:25:37 -------- d-----w- c:\program files\Avira

2011-07-11 22:17:30 -------- d-----w- c:\users\ken\appdata\local\Mozilla

2011-07-11 22:14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-11 22:11:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-07-11 22:11:15 -------- d-----w- c:\program files\Lavasoft

2011-07-11 22:03:59 -------- d-----w- c:\users\ken\appdata\local\AskToolbar

2011-07-11 19:43:10 -------- d-----w- c:\users\ken\appdata\roaming\Malwarebytes

2011-07-11 19:42:58 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 19:42:58 -------- d-----w- c:\programdata\Malwarebytes

2011-07-11 19:42:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-11 19:42:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-11 18:41:37 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ecb8bdf8-587a-4463-8715-629d9e57426f}\MpKsled70b46b.sys

2011-07-11 01:56:26 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-11 01:39:36 98816 ----a-w- c:\windows\sed.exe

2011-07-11 01:39:36 518144 ----a-w- c:\windows\SWREG.exe

2011-07-11 01:39:36 256000 ----a-w- c:\windows\PEV.exe

2011-07-11 01:39:36 208896 ----a-w- c:\windows\MBR.exe

2011-07-09 22:26:37 -------- d-----w- C:\UBCD4Win

2011-07-09 20:30:04 -------- d-----w- C:\bd_logs

2011-07-09 18:07:56 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{91930727-b7ca-4aeb-a4fa-090fddc5d61e}\mpengine.dll

2011-07-08 00:02:51 -------- d-----w- c:\programdata\Common Files

2011-07-08 00:00:39 -------- d-----w- c:\programdata\AVG10

2011-07-07 23:58:07 -------- d-----w- c:\program files\AVG

2011-07-07 23:43:51 -------- d-----w- c:\programdata\MFAData

2011-07-07 23:29:16 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-06 02:23:47 -------- d-----w- c:\programdata\AVAST Software

2011-07-06 02:23:47 -------- d-----w- c:\program files\AVAST Software

2011-07-06 01:05:05 -------- d-----w- c:\windows\Temp1A583ED9-3504-F533-5A16-F8508964AFD7-Signatures

2011-07-06 01:02:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 23:02:05 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-07-05 23:01:08 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ecb8bdf8-587a-4463-8715-629d9e57426f}\mpengine.dll

2011-07-05 22:16:32 -------- d-----w- c:\windows\system32\EventProviders

2011-07-05 22:16:29 -------- d-----w- C:\7e8809df0fd1bb23d101c615de5419

2011-07-05 22:01:03 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-07-05 22:01:03 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-07-05 21:59:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-05 20:39:30 -------- d-----w- c:\program files\Microsoft Security Essentials

2011-07-05 20:16:56 -------- d-----w- c:\program files\CCleaner

2011-07-05 20:07:57 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-07-05 20:07:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-05 20:02:33 58736 ----a-w- C:\symlcsv1.exe

2011-07-05 19:56:58 -------- d-----w- c:\programdata\PC Tools

2011-07-05 18:28:55 -------- d-----w- c:\program files\IObit

2011-07-05 18:01:41 -------- d-----w- c:\windows\pss

2011-06-28 22:16:10 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-16 02:40:51 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 02:40:51 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 02:40:49 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 02:40:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 02:40:43 563200 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 02:40:41 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 02:40:40 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 02:40:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 02:40:39 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 02:40:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 21:19:22.81 ===============



  • Staff

Hi,

It's possible that your security software conflicts are causing the scan to not finish.

I notice that you are using more than one antivirus program (Lavasoft, Microsoft, and Antivir). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thanks, still having the same problem. Removed the extra programs, was just using them for scanning. Have MS SE, spyware and malware installed now but disabled for the DDS and ComboFix scans.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26

Run by Ken at 21:34:48 on 2011-07-18

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2253 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EA382873-D0BB-4356-AE22-77950303B6B0} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\dz1c9mne.default\

FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-5 16184]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-12 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

.

=============== Created Last 30 ================

.

2011-07-19 02:17:55 -------- d-----w- c:\users\ken\appdata\local\temp

2011-07-19 02:17:05 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-19 01:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-19 01:02:55 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-07-19 01:01:43 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0747992-7041-49a7-821e-9c617795500c}\mpengine.dll

2011-07-17 03:33:45 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31ad27b9-ff9c-402c-b4f3-b1286906858a}\gapaengine.dll

2011-07-17 03:30:25 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-07-17 01:46:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-17 01:46:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-16 21:58:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e04cc0c1-be60-45ea-b8c5-0bda5702459e}\mpengine.dll

2011-07-16 02:59:23 -------- d-----w- c:\program files\ieSpell

2011-07-16 02:15:59 -------- d-----w- c:\users\ken\appdata\local\ElevatedDiagnostics

2011-07-15 03:36:22 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-07-15 03:36:22 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2011-07-15 03:19:30 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-07-15 00:39:23 -------- d-----w- c:\programdata\Coranti

2011-07-15 00:10:26 -------- d-----w- c:\program files\FixCleaner

2011-07-14 21:18:23 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 21:18:20 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-14 21:18:20 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-11 22:17:30 -------- d-----w- c:\users\ken\appdata\local\Mozilla

2011-07-11 22:14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-11 22:11:15 -------- d-----w- c:\program files\Lavasoft

2011-07-11 22:03:59 -------- d-----w- c:\users\ken\appdata\local\AskToolbar

2011-07-11 19:43:10 -------- d-----w- c:\users\ken\appdata\roaming\Malwarebytes

2011-07-11 19:42:58 -------- d-----w- c:\programdata\Malwarebytes

2011-07-11 01:39:36 98816 ----a-w- c:\windows\sed.exe

2011-07-11 01:39:36 518144 ----a-w- c:\windows\SWREG.exe

2011-07-11 01:39:36 256000 ----a-w- c:\windows\PEV.exe

2011-07-11 01:39:36 208896 ----a-w- c:\windows\MBR.exe

2011-07-09 22:26:37 -------- d-----w- C:\UBCD4Win

2011-07-09 20:30:04 -------- d-----w- C:\bd_logs

2011-07-08 00:02:51 -------- d-----w- c:\programdata\Common Files

2011-07-08 00:00:39 -------- d-----w- c:\programdata\AVG10

2011-07-07 23:58:07 -------- d-----w- c:\program files\AVG

2011-07-07 23:43:51 -------- d-----w- c:\programdata\MFAData

2011-07-07 23:29:16 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-06 02:23:47 -------- d-----w- c:\programdata\AVAST Software

2011-07-06 02:23:47 -------- d-----w- c:\program files\AVAST Software

2011-07-06 01:05:05 -------- d-----w- c:\windows\Temp1A583ED9-3504-F533-5A16-F8508964AFD7-Signatures

2011-07-06 01:02:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 22:16:32 -------- d-----w- c:\windows\system32\EventProviders

2011-07-05 22:16:29 -------- d-----w- C:\7e8809df0fd1bb23d101c615de5419

2011-07-05 22:01:03 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-07-05 22:01:03 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-07-05 21:59:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-05 20:16:56 -------- d-----w- c:\program files\CCleaner

2011-07-05 20:07:57 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-07-05 20:07:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-05 20:02:33 58736 ----a-w- C:\symlcsv1.exe

2011-07-05 19:56:58 -------- d-----w- c:\programdata\PC Tools

2011-07-05 18:28:55 -------- d-----w- c:\program files\IObit

2011-07-05 18:01:41 -------- d-----w- c:\windows\pss

2011-06-28 22:16:10 276992 ----a-w- c:\windows\system32\schannel.dll

.

==================== Find3M ====================

.

2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll

2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec

2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 21:36:29.66 ===============


  • Staff

Hi,

Just saw this:

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for Limewire and anything else you have installed.


Installed and updated MBAM. Quickscan stopped/locked up on NLSDATA000f.dll. Booted into safe, copied f to desktop, did individual scan on C:/windows/system32/nlsdata000f.dll, was clean. Tried an individual scan on nlsdata0010.dll, stopped and locked the computer. Booted to normal Windows, ran DDS and here are the results.

thanks

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26

Run by Ken at 12:15:40 on 2011-07-26

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2228 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EA382873-D0BB-4356-AE22-77950303B6B0} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\dz1c9mne.default\

FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-5 16184]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl980da221;MpKsl980da221;c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\MpKsl980da221.sys [2011-7-26 28752]

R1 MpKslf5e4ddbd;MpKslf5e4ddbd;c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\MpKslf5e4ddbd.sys [2011-7-26 28752]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-12 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-26 41272]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]

.

=============== Created Last 30 ================

.

2011-07-26 17:13:05 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\MpKsl980da221.sys

2011-07-26 17:03:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-26 17:03:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-26 17:03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-26 17:00:40 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\MpKslf5e4ddbd.sys

2011-07-26 17:00:06 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\mpengine.dll

2011-07-22 22:04:41 -------- d-----w- C:\51d7d4db51b0d3d97a37

2011-07-22 21:30:09 -------- d-----w- C:\f600363e6b01cc3865c42827f09dbd

2011-07-22 21:30:02 -------- d-----w- c:\windows\CheckSur

2011-07-22 21:03:28 -------- d-----w- c:\windows\system32\catroot2

2011-07-22 18:52:39 -------- d-----w- c:\windows\system32\catroot2old

2011-07-22 18:52:06 -------- d-----w- C:\e1b22f70a7bc35403ba8

2011-07-22 18:49:26 -------- d-----w- c:\windows\sdold

2011-07-22 18:32:30 -------- d-----w- c:\users\ken\appdata\local\Apple

2011-07-22 17:59:17 -------- d-----w- c:\programdata\ErrorEND

2011-07-19 02:17:55 -------- d-----w- c:\users\ken\appdata\local\temp

2011-07-19 02:17:05 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-19 01:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-19 01:02:55 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-07-17 03:33:45 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31ad27b9-ff9c-402c-b4f3-b1286906858a}\gapaengine.dll

2011-07-17 03:30:25 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-07-17 01:46:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-17 01:46:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-16 21:58:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e04cc0c1-be60-45ea-b8c5-0bda5702459e}\mpengine.dll

2011-07-16 02:59:23 -------- d-----w- c:\program files\ieSpell

2011-07-16 02:15:59 -------- d-----w- c:\users\ken\appdata\local\ElevatedDiagnostics

2011-07-15 03:36:22 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-07-15 03:36:22 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2011-07-15 03:19:30 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-07-15 00:39:23 -------- d-----w- c:\programdata\Coranti

2011-07-15 00:10:26 -------- d-----w- c:\program files\FixCleaner

2011-07-14 21:18:23 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 21:18:20 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-14 21:18:20 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-11 22:17:30 -------- d-----w- c:\users\ken\appdata\local\Mozilla

2011-07-11 22:14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-11 22:11:15 -------- d-----w- c:\program files\Lavasoft

2011-07-11 19:43:10 -------- d-----w- c:\users\ken\appdata\roaming\Malwarebytes

2011-07-11 19:42:58 -------- d-----w- c:\programdata\Malwarebytes

2011-07-11 01:39:36 98816 ----a-w- c:\windows\sed.exe

2011-07-11 01:39:36 518144 ----a-w- c:\windows\SWREG.exe

2011-07-11 01:39:36 256000 ----a-w- c:\windows\PEV.exe

2011-07-11 01:39:36 208896 ----a-w- c:\windows\MBR.exe

2011-07-09 20:30:04 -------- d-----w- C:\bd_logs

2011-07-08 00:02:51 -------- d-----w- c:\programdata\Common Files

2011-07-08 00:00:39 -------- d-----w- c:\programdata\AVG10

2011-07-07 23:58:07 -------- d-----w- c:\program files\AVG

2011-07-07 23:43:51 -------- d-----w- c:\programdata\MFAData

2011-07-07 23:29:16 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-06 02:23:47 -------- d-----w- c:\programdata\AVAST Software

2011-07-06 02:23:47 -------- d-----w- c:\program files\AVAST Software

2011-07-06 01:05:05 -------- d-----w- c:\windows\Temp1A583ED9-3504-F533-5A16-F8508964AFD7-Signatures

2011-07-06 01:02:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-05 22:16:32 -------- d-----w- c:\windows\system32\EventProviders

2011-07-05 22:16:29 -------- d-----w- C:\7e8809df0fd1bb23d101c615de5419

2011-07-05 22:01:03 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-07-05 22:01:03 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-07-05 21:59:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-05 20:16:56 -------- d-----w- c:\program files\CCleaner

2011-07-05 20:07:57 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-07-05 20:07:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-05 20:02:33 58736 ----a-w- C:\symlcsv1.exe

2011-07-05 19:56:58 -------- d-----w- c:\programdata\PC Tools

2011-07-05 18:28:55 -------- d-----w- c:\program files\IObit

2011-07-05 18:01:41 -------- d-----w- c:\windows\pss

2011-06-28 22:16:10 276992 ----a-w- c:\windows\system32\schannel.dll

.

==================== Find3M ====================

.

2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll

2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec

2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 12:17:24.82 ===============

Attach.zip

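Comparing the two DDS runs posted in this thread line by line is error-prone, so the following added example (not part of the original posts, and not a DDS or Malwarebytes tool) parses the SERVICES / DRIVERS section of each run and reports what changed between them. Reading the `R`/`S` prefix as running/stopped and the digit as start type 0-4 is an assumption about DDS's notation; the sample lines are excerpted from the two logs above.

```python
import re

# Assumed meaning of the two-character prefix on each entry:
# R/S = running/stopped, digit = service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

HEADER = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(
    r"^([RS][0-4]) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$"
)

# Sample input: lines excerpted from the first DDS log in this thread.
OLD_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-5 16184]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
.
=============== Created Last 30 ================
2011-07-19 01:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

# Sample input: lines excerpted from the second DDS log (run on 2011-07-26).
NEW_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-5 16184]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl980da221;MpKsl980da221;c:\programdata\microsoft\microsoft antimalware\definition updates\{ef2cdc1c-3b18-4d90-aaf5-127d3710d2ca}\MpKsl980da221.sys [2011-7-26 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-26 41272]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]
.
=============== Created Last 30 ================
"""


def parse_services(log_text):
    """Return ({name: entry}, [unparsed lines]) for the SERVICES / DRIVERS section."""
    services, unparsed, in_section = {}, [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Any section header either opens or closes the section of interest.
            in_section = header.group(1) == "SERVICES / DRIVERS"
        elif in_section and line not in ("", "."):
            m = ENTRY.match(line)
            if m:
                state, name, display, path, date, size = m.groups()
                services[name] = {"state": state, "display": display,
                                  "path": path.lower(), "date": date, "size": int(size)}
            else:
                unparsed.append(line)  # keep for manual review, never drop silently
    return services, unparsed


def describe(state):
    """Turn a prefix such as 'S4' into readable text."""
    running = "running" if state[0] == "R" else "stopped"
    return f"{state} ({running}, start={START_TYPES[state[1]]})"


def diff_services(old, new):
    """Compare two parsed runs: new/removed entries, state flips, replaced binaries."""
    common = sorted(set(old) & set(new))
    fingerprint = lambda e: (e["path"], e["date"], e["size"])
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "state_changed": {n: (old[n]["state"], new[n]["state"])
                          for n in common if old[n]["state"] != new[n]["state"]},
        # Same service name but a different file path, date or size.
        "file_changed": [n for n in common if fingerprint(old[n]) != fingerprint(new[n])],
    }


if __name__ == "__main__":
    old, _ = parse_services(OLD_LOG)
    new, _ = parse_services(NEW_LOG)
    result = diff_services(old, new)
    for name in result["added"]:
        print(f"added:   {name} {describe(new[name]['state'])} {new[name]['path']}")
    for name in result["removed"]:
        print(f"removed: {name} {old[name]['path']}")
    for name, (before, after) in result["state_changed"].items():
        print(f"state:   {name} {describe(before)} -> {describe(after)}")
    for name in result["file_changed"]:
        print(f"file:    {name} {old[name]['path']} -> {new[name]['path']}")
```
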

Tried to zip all into one file. Locked up midway thru. Tried to copy file from Linux boot-up disc. Locked up on copy. Said it could not read the file after 3%.

Still moving around. Can scan in normal or safe, lock up on a file. Boot, go to system32 folder, scan the same individual file that locked up just before and it will scan OK. MS Security Essentials or Malwarebytes. Select a group of nls files and it will lock up on one of them. Have selected all but the one that I thought was corrupt and they scanned OK.

I could copy all of the files to another location one by one or in groups and when I get to the one that locks up reboot and see if I can copy it after the reboot until I get all of the NLS files copied clean? Do not know what good the clean files would do for you.

File sizes and origin date are staying the same, before it locks up and after it locks up.

Feel like a fresh install but I will stay with it if you will. Got my interest up.

Ken


  • Staff

In the meantime, click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317


  • Staff

Hi,

Looks like your hard drive is beginning to fail.

Try chkdsk /r instead of /f and see if that makes a difference.

If no joy, create a ProcessMonitor Log:

  • Please download ProcessMonitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • Open Malwarebytes' Anti-Malware and click on the Settings tab and make sure that Always scan registry objects is checked
  • In Process Monitor, click on File at the top and select Backing Files...
  • Click the circle to the left of Use file named: and click the ... button
  • Browse to your desktop and type MBAM Log in the File name: box and click Save
  • Close Process Monitor and then open it again so that it begins saving the log files to the location you selected
  • Start a scan with Malwarebytes' Anti-Malware and when it freezes, try closing MBAM by ending its process in Task Manager or by whatever means you used previously to terminate it.
  • Now, right-click on the MBAM Log file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
    • Note: There may be more than one log created depending on the duration of the scan, please zip them all

  • Attach the MBAM Log.zip file you just created to your next reply.

Link to post
Share on other sites

Tried the chkdsk /r twice, it locked up 10% through the file check, same place. Ran a MBAM quick check, locked up on "D". The zipped files are 100 MB, 90 MB and 9.5 MB and I am out of my Global limit. Could not attach. Tried opening; the files were corrupt. When system locks on a scan the mouse can move for a while but Task Manager cannot open nor any other program. Programs become non-responding and before long the pointer stops moving. Hard boot is the only way to reboot. I guess the .pml files were not closed properly. Error message from Process Monitor is that the files were not closed cleanly. Can try again, the scan only took 2.5 min till it stopped.

Link to post
Share on other sites

Did a disk copy to a new drive, several clusters would not copy. Installed new drive and was able to run all scans clean. All of the nls files were still present. System running fine after multiple scans. I just need to clean it up now.

Thanks for all the help. Thought I had a bug, looks like just a bad hard drive.

Thanks again

Ken

Do you want the old drive? :lol:

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
