
Bad bug



I have been on this problem for two days; this is the second time I have tried to post here, with the first one a server error! I have run everything I can think of to get rid of this before I came here and decided to run some big guns with some expert help. Whatever I run is terminated within a few seconds, even GMER, but I have not run GMER in safe mode yet. I have copied and pasted what I can on my system, as the other system will disconnect at some time while using it and I did not want to chance it. I hope I can have someone here help me out on this BAD BUG.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Backup at 10:30:30 on 2011-10-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1676 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\3312974226:1829144634.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231283044828

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{888D03B9-A843-41F5-A6B0-CD61DA206D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9C87227F-D566-46C7-A232-398CC2149FF9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-5-8 15172]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

.

=============== Created Last 30 ================

.

2011-10-02 13:14:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-02 13:14:23 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Malwarebytes

2011-10-02 13:14:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-02 02:03:44 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 02:02:40 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\PCHealth

2011-10-02 01:39:18 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-02 00:59:13 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ElevatedDiagnostics

2011-10-01 23:58:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-10-01 23:58:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-10-01 23:58:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-10-01 23:58:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-10-01 23:58:38 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-10-01 23:58:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-10-01 23:58:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-10-01 23:58:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-10-01 23:57:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-10-01 23:57:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-10-01 23:57:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-10-01 23:57:28 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-10-01 23:57:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2011-10-01 23:57:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2011-10-01 23:57:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2011-10-01 23:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2011-10-01 23:55:51 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2011-10-01 23:55:44 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-10-01 23:55:39 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2011-10-01 23:55:35 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2011-10-01 23:55:30 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2011-10-01 23:55:25 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2011-10-01 23:55:21 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2011-10-01 23:55:16 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2011-10-01 23:55:12 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2011-10-01 23:55:09 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-10-01 23:55:07 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys

2011-10-01 23:55:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2011-10-01 23:54:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2011-10-01 23:54:54 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2011-10-01 23:54:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2011-10-01 23:54:45 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2011-10-01 23:54:41 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2011-10-01 23:54:37 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2011-10-01 23:54:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-10-01 23:54:28 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-10-01 23:54:24 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2011-10-01 23:54:19 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2011-10-01 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2011-10-01 23:54:00 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-10-01 23:52:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2011-10-01 23:52:52 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2011-10-01 23:52:50 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2011-10-01 23:52:45 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2011-10-01 23:52:41 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2011-10-01 23:52:29 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-10-01 23:52:24 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2011-10-01 23:52:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-10-01 23:52:16 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-10-01 23:52:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2011-10-01 23:52:05 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2011-10-01 23:52:01 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-10-01 23:51:57 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-10-01 23:51:53 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-10-01 23:51:49 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-10-01 23:51:45 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-10-01 23:51:40 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-10-01 23:51:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2011-10-01 23:51:31 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2011-10-01 23:51:27 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2011-10-01 23:51:20 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2011-10-01 23:51:15 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2011-10-01 23:51:04 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2011-10-01 23:49:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2011-10-01 23:48:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2011-10-01 23:48:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2011-10-01 23:48:48 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2011-10-01 23:48:32 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-10-01 23:48:28 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2011-10-01 23:48:24 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2011-10-01 23:48:20 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2011-10-01 23:48:16 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2011-10-01 23:48:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-10-01 23:48:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2011-10-01 23:46:59 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-10-01 23:45:56 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2011-10-01 23:45:51 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2011-10-01 23:45:38 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2011-10-01 23:45:32 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2011-10-01 23:45:29 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2011-10-01 23:45:24 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2011-10-01 23:45:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2011-10-01 23:45:12 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys

2011-10-01 23:45:06 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-10-01 23:45:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2011-10-01 23:43:51 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2011-10-01 23:42:58 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2011-10-01 23:41:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2011-10-01 23:41:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2011-10-01 23:41:44 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2011-10-01 23:41:42 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2011-10-01 23:41:37 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2011-10-01 23:41:34 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2011-10-01 23:41:28 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2011-10-01 23:41:21 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-10-01 23:41:15 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2011-10-01 23:41:11 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2011-10-01 23:41:08 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-10-01 23:41:04 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys

2011-10-01 23:39:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2011-10-01 23:39:53 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2011-10-01 23:39:44 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2011-10-01 23:39:42 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2011-10-01 23:39:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2011-10-01 23:39:22 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2011-10-01 23:39:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2011-10-01 23:38:55 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2011-10-01 23:38:49 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2011-10-01 23:38:42 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2011-10-01 23:38:36 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2011-10-01 23:38:32 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2011-10-01 23:38:30 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2011-10-01 23:38:26 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2011-10-01 23:38:23 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2011-10-01 23:38:13 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys

2011-10-01 23:38:07 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys

2011-10-01 23:38:02 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2011-10-01 23:36:57 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll

2011-10-01 23:36:57 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll

2011-10-01 23:36:43 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2011-10-01 23:36:40 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2011-10-01 23:36:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2011-10-01 23:36:23 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2011-10-01 23:36:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-10-01 23:36:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2011-10-01 23:36:07 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2011-10-01 23:36:04 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2011-10-01 23:36:03 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2011-10-01 23:36:00 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2011-10-01 23:36:00 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2011-10-01 23:35:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2011-10-01 23:35:53 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2011-10-01 23:35:50 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2011-10-01 23:35:46 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2011-10-01 23:35:43 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2011-10-01 23:35:11 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-10-01 23:35:08 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2011-10-01 23:35:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2011-10-01 23:35:02 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2011-10-01 23:33:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2011-10-01 23:32:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll

2011-10-01 23:31:59 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys

2011-10-01 23:30:57 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll

2011-10-01 23:29:59 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys

2011-10-01 23:28:59 102484 -c--a-w- c:\windows\system32\dllcache\digiinf.dll

2011-10-01 23:27:59 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll

2011-10-01 23:26:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-10-01 23:25:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2011-10-01 23:24:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-10-01 21:57:09 -------- d--h--w- c:\windows\PIF

2011-10-01 21:35:09 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\FixItCenter

2011-10-01 21:32:02 -------- d-----w- c:\windows\MATS

2011-10-01 21:32:01 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-01 20:54:25 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\WinPatrol

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\ESET

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ESET

2011-10-01 02:42:48 -------- d-----w- c:\program files\ESET

2011-10-01 02:38:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Temp

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Adobe

2011-09-30 01:03:07 -------- d-----w- c:\program files\Trend Micro

2011-09-30 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-09-29 11:01:05 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IECompatCache

2011-09-29 10:50:24 -------- d-sh--w- c:\documents and settings\backup.laptop.000\PrivacIE

2011-09-29 10:48:20 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IETldCache

2011-09-29 10:35:38 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 00:17:22 -------- d-----w- c:\program files\FMS(2)

2011-09-22 00:08:15 -------- d-----w- c:\program files\DealRunner

2011-09-22 00:07:58 -------- d-----w- c:\program files\Shop to Win 9

2011-09-22 00:07:57 -------- d-----w- c:\program files\Shop To Win

2011-09-22 00:07:20 -------- d-----w- c:\program files\StartNow Toolbar

2011-09-13 22:53:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 10:31:48.04 ===============

attach.zip


After removing the entry, the system boots somewhat faster, and before I would get an error that read:

Instruction at "0x00E21158" referenced memory at "0x0000000c". The memory could not be "read." Which I no longer get at boot up now. It happened every time I would boot up, and I would also have a check disk run at start up, with Windows telling me that it could not access the drive and closing right back out to the log on screen. I have not checked much else yet as I'm running some more scans, as now I am able to, whereas before everything would just close out right after I would install the scanners, not allowing me to do anything. I will run GMER later, or at least try, and if I have to, rename the file also if it will not run straight from the downloaded file the first time, and try that route. Windows Update was also blocked, as was Windows Firewall, which I am not real fond of anyway. I would always get an error saying the ICS would need to be started, and after allowing Windows to give 'er a go, well, it just would not start up. Windows Firewall, that is. I hope I have given someone some more info that might help you help me, as I sure could use some, and I will be back later, I hope, with the GMER files.


Hello someone, I have managed to get this laptop somewhat usable, as this is where I'm posting from now, or at least at the present. I have been able to turn the ICS back on, and Windows Firewall is up also, along with Windows updates. I just have a problem with one update at the present time, and it is KB890830, Windows software removal tool. I have tried to install it at least ten times from the system and also from the Windows Update tab in IE. No go? I have even downloaded the file and tried it that way also, but still no go. I am going to copy and paste some new updated logs, "dds", and attach the two txt logs "attach.txt" and "ark.txt", which are also fresh, that are required for some help here. If there is something else needed, please let me know.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Backup at 19:31:08 on 2011-10-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1526 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231283044828

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{888D03B9-A843-41F5-A6B0-CD61DA206D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9C87227F-D566-46C7-A232-398CC2149FF9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-5-8 15172]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-4 36000]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-4 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-4 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-4 74640]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\46.tmp --> c:\windows\system32\46.tmp [?]

.

=============== Created Last 30 ================

.

2011-10-04 15:31:34 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\FixItCenter

2011-10-04 15:25:27 -------- d-----w- c:\windows\MATS

2011-10-04 15:25:26 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-04 14:51:04 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-04 12:19:01 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Avira

2011-10-04 12:18:03 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-04 12:18:03 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-04 12:18:01 -------- d-----w- c:\program files\Avira

2011-10-04 12:18:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-04 09:58:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 00:57:25 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-10-02 19:16:33 -------- d-----w- c:\program files\Trend Micro

2011-10-02 18:54:30 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-10-02 18:54:26 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-10-02 18:15:58 -------- d-----w- c:\program files\Microsoft ATS

2011-10-02 16:39:33 -------- d-----w- c:\program files\Sophos

2011-10-02 16:23:04 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\f-secure

2011-10-02 16:22:42 -------- d-----w- c:\documents and settings\all users\application data\F-Secure

2011-10-02 15:43:19 -------- d-----w- c:\program files\Unlocker

2011-10-02 13:14:23 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Malwarebytes

2011-10-02 02:03:44 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 02:02:40 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\PCHealth

2011-10-02 01:39:18 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-02 00:59:13 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ElevatedDiagnostics

2011-10-01 23:58:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-10-01 23:58:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-10-01 23:58:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-10-01 23:58:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-10-01 23:58:38 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-10-01 23:58:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-10-01 23:58:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-10-01 23:58:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-10-01 23:57:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-10-01 23:57:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-10-01 23:57:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-10-01 23:57:28 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-10-01 23:57:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2011-10-01 23:57:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2011-10-01 23:57:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2011-10-01 23:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2011-10-01 23:55:51 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2011-10-01 23:55:44 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-10-01 23:55:39 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2011-10-01 23:55:35 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2011-10-01 23:55:30 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2011-10-01 23:55:25 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2011-10-01 23:55:21 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2011-10-01 23:55:16 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2011-10-01 23:55:12 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2011-10-01 23:55:09 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-10-01 23:55:07 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys

2011-10-01 23:55:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2011-10-01 23:54:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2011-10-01 23:54:54 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2011-10-01 23:54:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2011-10-01 23:54:45 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2011-10-01 23:54:41 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2011-10-01 23:54:37 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2011-10-01 23:54:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-10-01 23:54:28 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-10-01 23:54:24 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2011-10-01 23:54:19 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2011-10-01 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2011-10-01 23:54:00 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-10-01 23:52:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2011-10-01 23:52:52 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2011-10-01 23:52:50 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2011-10-01 23:52:45 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2011-10-01 23:52:41 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2011-10-01 23:52:29 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-10-01 23:52:24 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2011-10-01 23:52:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-10-01 23:52:16 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-10-01 23:52:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2011-10-01 23:52:05 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2011-10-01 23:52:01 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-10-01 23:51:57 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-10-01 23:51:53 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-10-01 23:51:49 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-10-01 23:51:45 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-10-01 23:51:40 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-10-01 23:51:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2011-10-01 23:51:31 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2011-10-01 23:51:27 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2011-10-01 23:51:20 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2011-10-01 23:51:15 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2011-10-01 23:51:04 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2011-10-01 23:49:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2011-10-01 23:48:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2011-10-01 23:48:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2011-10-01 23:48:48 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2011-10-01 23:48:32 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-10-01 23:48:28 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2011-10-01 23:48:24 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2011-10-01 23:48:20 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2011-10-01 23:48:16 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2011-10-01 23:48:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-10-01 23:48:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2011-10-01 23:46:59 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-10-01 23:45:56 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2011-10-01 23:45:51 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2011-10-01 23:45:38 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2011-10-01 23:45:32 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2011-10-01 23:45:29 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2011-10-01 23:45:24 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2011-10-01 23:45:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2011-10-01 23:45:12 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys

2011-10-01 23:45:06 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-10-01 23:45:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2011-10-01 23:43:51 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2011-10-01 23:42:58 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2011-10-01 23:41:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2011-10-01 23:41:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2011-10-01 23:41:44 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2011-10-01 23:41:42 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2011-10-01 23:41:37 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2011-10-01 23:41:34 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2011-10-01 23:41:28 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2011-10-01 23:41:21 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-10-01 23:41:15 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2011-10-01 23:41:11 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2011-10-01 23:41:08 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-10-01 23:41:04 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys

2011-10-01 23:39:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2011-10-01 23:39:53 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2011-10-01 23:39:44 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2011-10-01 23:39:42 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2011-10-01 23:39:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2011-10-01 23:39:22 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2011-10-01 23:39:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2011-10-01 23:38:55 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2011-10-01 23:38:49 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2011-10-01 23:38:42 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2011-10-01 23:38:36 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2011-10-01 23:38:32 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2011-10-01 23:38:30 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2011-10-01 23:38:26 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2011-10-01 23:38:23 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2011-10-01 23:38:13 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys

2011-10-01 23:38:07 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys

2011-10-01 23:38:02 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2011-10-01 23:36:57 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll

2011-10-01 23:36:57 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll

2011-10-01 23:36:43 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2011-10-01 23:36:40 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2011-10-01 23:36:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2011-10-01 23:36:23 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2011-10-01 23:36:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-10-01 23:36:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2011-10-01 23:36:07 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2011-10-01 23:36:04 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2011-10-01 23:36:03 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2011-10-01 23:36:00 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2011-10-01 23:36:00 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2011-10-01 23:35:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2011-10-01 23:35:53 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2011-10-01 23:35:50 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2011-10-01 23:35:46 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2011-10-01 23:35:43 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2011-10-01 23:35:11 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-10-01 23:35:08 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2011-10-01 23:35:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2011-10-01 23:35:02 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2011-10-01 23:33:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2011-10-01 23:32:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll

2011-10-01 23:31:59 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys

2011-10-01 23:30:57 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll

2011-10-01 23:29:59 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys

2011-10-01 23:28:59 102484 -c--a-w- c:\windows\system32\dllcache\digiinf.dll

2011-10-01 23:27:59 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll

2011-10-01 23:26:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-10-01 23:25:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2011-10-01 23:24:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-10-01 21:57:09 -------- d--h--w- c:\windows\PIF

2011-10-01 20:54:25 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\WinPatrol

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\ESET

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ESET

2011-10-01 02:42:48 -------- d-----w- c:\program files\ESET

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Temp

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Adobe

2011-09-30 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-09-29 11:01:05 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IECompatCache

2011-09-29 10:50:24 -------- d-sh--w- c:\documents and settings\backup.laptop.000\PrivacIE

2011-09-29 10:48:20 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IETldCache

2011-09-29 10:35:38 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 00:17:22 -------- d-----w- c:\program files\FMS(2)

2011-09-13 22:53:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 19:32:47.10 ===============

attach.txt.zip

Will still continue to work on this dude, but I'm not qualified to know what entries or what needs to be removed in the log files or with what removal tool. Well, I most generally know what is safe, but some of this info blows me away!

ark.txt.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hello screen317, I didn't expect anyone to help on this posting and started another today titled "Infected XP Pro Dell Laptop", but if you wish I will continue on here as you request. Back as soon as possible with the first log.


OK, screen317, here are the logs you have requested:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7862

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/8/2011 5:34:49 PM

mbam-log-2011-10-08 (17-34-48).txt

Scan type: Full scan (C:\|)

Objects scanned: 304285

Time elapsed: 4 hour(s), 6 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Backup at 19:54:23 on 2011-10-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1564 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\dmremote.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231283044828

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{888D03B9-A843-41F5-A6B0-CD61DA206D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9C87227F-D566-46C7-A232-398CC2149FF9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-5-8 15172]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-4 36000]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-4 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-4 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-4 74640]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\46.tmp --> c:\windows\system32\46.tmp [?]

.

=============== Created Last 30 ================

.

2011-10-08 22:53:22 -------- d-sha-r- C:\cmdcons

2011-10-08 22:50:12 98816 ----a-w- c:\windows\sed.exe

2011-10-08 22:50:12 518144 ----a-w- c:\windows\SWREG.exe

2011-10-08 22:50:12 256000 ----a-w- c:\windows\PEV.exe

2011-10-08 22:50:12 208896 ----a-w- c:\windows\MBR.exe

2011-10-04 15:31:34 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\FixItCenter

2011-10-04 15:25:27 -------- d-----w- c:\windows\MATS

2011-10-04 15:25:26 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-04 14:51:04 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-04 12:19:01 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Avira

2011-10-04 12:18:03 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-04 12:18:03 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-04 12:18:01 -------- d-----w- c:\program files\Avira

2011-10-04 12:18:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-04 09:58:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 00:57:25 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-10-02 19:16:33 -------- d-----w- c:\program files\Trend Micro

2011-10-02 18:54:30 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-10-02 18:54:26 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-10-02 18:15:58 -------- d-----w- c:\program files\Microsoft ATS

2011-10-02 16:39:33 -------- d-----w- c:\program files\Sophos

2011-10-02 16:23:04 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\f-secure

2011-10-02 16:22:42 -------- d-----w- c:\documents and settings\all users\application data\F-Secure

2011-10-02 15:43:19 -------- d-----w- c:\program files\Unlocker

2011-10-02 13:14:23 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Malwarebytes

2011-10-02 02:03:44 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 02:02:40 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\PCHealth

2011-10-02 01:39:18 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-02 00:59:13 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ElevatedDiagnostics

2011-10-01 23:58:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-10-01 23:58:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-10-01 23:58:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-10-01 23:58:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-10-01 23:58:38 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-10-01 23:58:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-10-01 23:58:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-10-01 23:58:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-10-01 23:57:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-10-01 23:57:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-10-01 23:57:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-10-01 23:57:28 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-10-01 23:57:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2011-10-01 23:57:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2011-10-01 23:57:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2011-10-01 23:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2011-10-01 23:55:51 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2011-10-01 21:57:09 -------- d--h--w- c:\windows\PIF

2011-10-01 20:54:25 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\WinPatrol

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\ESET

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ESET

2011-10-01 02:42:48 -------- d-----w- c:\program files\ESET

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Temp

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Adobe

2011-09-30 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-09-29 11:01:05 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IECompatCache

2011-09-29 10:50:24 -------- d-sh--w- c:\documents and settings\backup.laptop.000\PrivacIE

2011-09-29 10:48:20 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IETldCache

2011-09-29 10:35:38 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 00:17:22 -------- d-----w- c:\program files\FMS(2)

2011-09-13 22:53:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 19:55:41.46 ===============

and the ComboFix Log

ComboFix 11-10-08.04 - Backup 10/08/2011 19:09:39.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1614 [GMT -4:00]

Running from: c:\documents and settings\Backup.LAPTOP.000\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB6851$

c:\windows\$NtUninstallKB6851$\1720359434

c:\windows\$NtUninstallKB6851$\2465822661\@

c:\windows\$NtUninstallKB6851$\2465822661\bckfg.tmp

c:\windows\$NtUninstallKB6851$\2465822661\cfg.ini

c:\windows\$NtUninstallKB6851$\2465822661\Desktop.ini

c:\windows\$NtUninstallKB6851$\2465822661\keywords

c:\windows\$NtUninstallKB6851$\2465822661\kwrd.dll

c:\windows\$NtUninstallKB6851$\2465822661\L\iahonoel

c:\windows\$NtUninstallKB6851$\2465822661\U\00000001.@

c:\windows\$NtUninstallKB6851$\2465822661\U\00000002.@

c:\windows\$NtUninstallKB6851$\2465822661\U\80000000.@

c:\windows\$NtUninstallKB6851$\2465822661\U\80000032.@

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_92f977c5

.

.

((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))

.

.

2011-10-04 15:25 . 2011-10-04 15:25 -------- d-----w- c:\windows\MATS

2011-10-04 15:25 . 2011-10-04 15:25 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-04 14:51 . 2011-10-08 23:28 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-04 12:18 . 2011-09-18 12:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-10-04 12:18 . 2011-09-16 03:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-04 12:18 . 2011-09-16 03:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-04 12:18 . 2011-10-04 12:18 -------- d-----w- c:\program files\Avira

2011-10-04 12:18 . 2011-10-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-10-04 09:58 . 2011-10-04 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 09:58 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 00:57 . 2011-10-04 00:57 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-10-02 19:16 . 2011-10-02 19:16 -------- d-----w- c:\program files\Trend Micro

2011-10-02 18:54 . 2011-10-02 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-10-02 18:15 . 2011-10-02 18:15 -------- d-----w- c:\program files\Microsoft ATS

2011-10-02 16:39 . 2011-10-02 16:39 -------- d-----w- c:\program files\Sophos

2011-10-02 16:22 . 2011-10-02 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2011-10-02 15:43 . 2011-10-02 17:57 -------- d-----w- c:\program files\Unlocker

2011-10-02 02:03 . 2011-10-02 02:03 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 01:39 . 2011-10-02 01:39 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-01 23:27 . 2001-08-18 02:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll

2011-10-01 23:26 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-10-01 23:25 . 2001-08-17 18:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2011-10-01 21:57 . 2011-10-01 21:57 -------- d--h--w- c:\windows\PIF

2011-10-01 02:43 . 2011-10-01 02:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2011-10-01 02:42 . 2011-10-01 20:37 -------- d-----w- c:\program files\ESET

2011-10-01 02:42 . 2011-10-01 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2011-09-30 00:34 . 2011-09-30 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2011-09-29 10:35 . 2011-09-29 10:35 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16 . 2011-09-24 18:16 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 23:24 . 2011-09-24 18:14 -------- d-s---w- c:\documents and settings\Backup

2011-09-22 00:17 . 2011-09-24 18:14 -------- d-----w- c:\program files\FMS(2)

2011-09-13 22:53 . 2011-09-13 22:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-07-19 09:05 . 2010-12-16 02:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 06:40 . 2009-03-11 04:11 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-12-04 02:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-08-20 15:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"SNDSrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"AOL ACS"=2 (0x2)

"ekrn"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [5/8/2009 5:55 PM 15172]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/4/2011 8:18 AM 36000]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/4/2011 8:18 AM 86224]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [1/12/2011 4:41 PM 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\46.tmp --> c:\windows\system32\46.tmp [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-08 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-25 20:50]

.

2010-04-10 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{628C22B0-8A05-4F79-96B9-341014B1119D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

SafeBoot-34976608.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-08 19:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\46.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1052)

c:\windows\system32\Ati2evxx.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

- - - - - - - > 'explorer.exe'(4052)

c:\windows\system32\WININET.dll

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\progra~1\Intel\Wireless\Bin\1XConfig.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-08 19:42:00 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-08 23:41

.

Pre-Run: 38,336,663,552 bytes free

Post-Run: 39,087,529,984 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A6E7AD792A72ED08867A0C6D5133415C

also a new attach file

attach.zip

I see some entries in the HJT log that look to me as though they should hit the road also.

  • Staff

Hi,

What entries are you referring to?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Well I finally made it back with the logs you have requested;

Results of screen317's Security Check version 0.99.23

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira Free Antivirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 27

Adobe Reader X (10.1.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

WinPatrol winpatrol.exe is disabled!

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=918c55eceea12a4f974fc36bb41c23e8

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-10-10 09:53:04

# local_time=2011-10-10 05:53:04 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777175 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=93882

# found=0

# cleaned=0

# scan_time=23271

Here are the entries I am referring to in the HJT:

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

I am guessing that the Browser Helper Object was a toolbar that has been uninstalled, but the uURLSearchHooks: H - No File I'm not sure what that was.

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Nor these?

2011-09-22 00:08:15 -------- d-----w- c:\program files\DealRunner

2011-09-22 00:07:58 -------- d-----w- c:\program files\Shop to Win 9

2011-09-22 00:07:57 -------- d-----w- c:\program files\Shop To Win

2011-09-22 00:07:20 -------- d-----w- c:\program files\StartNow Toolbar

Could I also get rid of these somehow? All I ask is point me in the right direction.

System seems to run OK for what it is (1.6 CPU), it just loads slow, and with the hard drive being so full I will probably dump some files, pics and so on to a flash drive and defrag with no page file running. Let me know when it is OK to re-enable the CD emulation with Defogger.

  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Folder::
c:\program files\Shop to Win 9
c:\program files\Shop To Win
c:\program files\StartNow Toolbar
DDS::
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

screen317, here are the items you asked for:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Backup at 22:01:52 on 2011-10-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT -4:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231283044828

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{888D03B9-A843-41F5-A6B0-CD61DA206D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-4 36000]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-4 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-4 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-4 74640]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\46.tmp --> c:\windows\system32\46.tmp [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-12 11:09:13 -------- d-----w- c:\program files\Folder Size

2011-10-11 21:26:23 -------- d-----w- c:\program files\Defraggler

2011-10-09 17:58:01 -------- d-----w- c:\windows\system32\winrm

2011-10-09 17:57:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-10-09 17:53:38 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-10-09 16:18:35 266360 ----a-w- c:\windows\system32\TweakUI.exe

2011-10-09 01:27:06 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\MindGems

2011-10-08 22:53:22 -------- d-sha-r- C:\cmdcons

2011-10-08 22:50:12 98816 ----a-w- c:\windows\sed.exe

2011-10-08 22:50:12 518144 ----a-w- c:\windows\SWREG.exe

2011-10-08 22:50:12 256000 ----a-w- c:\windows\PEV.exe

2011-10-08 22:50:12 208896 ----a-w- c:\windows\MBR.exe

2011-10-04 15:31:34 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\FixItCenter

2011-10-04 15:25:27 -------- d-----w- c:\windows\MATS

2011-10-04 15:25:26 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-04 14:51:04 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-04 12:19:01 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Avira

2011-10-04 12:18:03 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-04 12:18:03 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-04 12:18:01 -------- d-----w- c:\program files\Avira

2011-10-04 12:18:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-04 09:58:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 00:57:25 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-10-02 19:16:33 -------- d-----w- c:\program files\Trend Micro

2011-10-02 18:54:30 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-10-02 18:54:26 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-10-02 18:15:58 -------- d-----w- c:\program files\Microsoft ATS

2011-10-02 16:39:33 -------- d-----w- c:\program files\Sophos

2011-10-02 16:23:04 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\f-secure

2011-10-02 16:22:42 -------- d-----w- c:\documents and settings\all users\application data\F-Secure

2011-10-02 15:43:19 -------- d-----w- c:\program files\Unlocker

2011-10-02 13:14:23 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Malwarebytes

2011-10-02 02:03:44 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 02:02:40 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\PCHealth

2011-10-02 01:39:18 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-02 00:59:13 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ElevatedDiagnostics

2011-10-01 23:58:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-10-01 23:58:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-10-01 23:58:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-10-01 23:58:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-10-01 23:58:38 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-10-01 23:58:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-10-01 23:58:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-10-01 23:58:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-10-01 23:57:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-10-01 23:57:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-10-01 23:57:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-10-01 23:57:28 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-10-01 23:57:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2011-10-01 23:57:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2011-10-01 23:57:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2011-10-01 23:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2011-10-01 23:55:51 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2011-10-01 23:55:44 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-10-01 23:55:39 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2011-10-01 23:55:35 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2011-10-01 23:55:30 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2011-10-01 23:55:25 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2011-10-01 23:55:21 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2011-10-01 23:55:16 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2011-10-01 23:55:12 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2011-10-01 23:55:09 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-10-01 23:55:07 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys

2011-10-01 23:55:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2011-10-01 23:54:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2011-10-01 23:54:54 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2011-10-01 23:54:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2011-10-01 23:54:45 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2011-10-01 23:54:41 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2011-10-01 23:54:37 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2011-10-01 23:54:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-10-01 23:54:28 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-10-01 23:54:24 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2011-10-01 23:54:19 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2011-10-01 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2011-10-01 23:54:00 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-10-01 23:52:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2011-10-01 23:52:52 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2011-10-01 23:52:50 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2011-10-01 23:52:45 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2011-10-01 23:52:41 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2011-10-01 23:52:29 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-10-01 23:52:24 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2011-10-01 23:52:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-10-01 23:52:16 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-10-01 23:52:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2011-10-01 23:52:05 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2011-10-01 23:52:01 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-10-01 23:51:57 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-10-01 23:51:53 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-10-01 23:51:49 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-10-01 23:51:45 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-10-01 23:51:40 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-10-01 23:51:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2011-10-01 23:51:31 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2011-10-01 23:51:27 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2011-10-01 23:51:20 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2011-10-01 23:51:15 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2011-10-01 23:51:04 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2011-10-01 23:49:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2011-10-01 23:48:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2011-10-01 23:48:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2011-10-01 23:48:48 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2011-10-01 23:48:32 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-10-01 23:48:28 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2011-10-01 23:48:24 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2011-10-01 23:48:20 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2011-10-01 23:48:16 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2011-10-01 23:48:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-10-01 23:48:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2011-10-01 23:46:59 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-10-01 23:45:56 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2011-10-01 23:45:51 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2011-10-01 23:45:38 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2011-10-01 23:45:32 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2011-10-01 23:45:29 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2011-10-01 23:45:24 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2011-10-01 23:45:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2011-10-01 23:45:12 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys

2011-10-01 23:45:06 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-10-01 23:45:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2011-10-01 23:43:51 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2011-10-01 23:42:58 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2011-10-01 23:41:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2011-10-01 23:41:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2011-10-01 23:41:44 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2011-10-01 23:41:42 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2011-10-01 23:41:37 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2011-10-01 23:41:34 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2011-10-01 23:41:28 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2011-10-01 23:41:21 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-10-01 23:41:15 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2011-10-01 23:41:11 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2011-10-01 23:41:08 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-10-01 23:41:04 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys

2011-10-01 23:39:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2011-10-01 23:39:53 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2011-10-01 23:39:44 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2011-10-01 23:39:42 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2011-10-01 23:39:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2011-10-01 23:39:22 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2011-10-01 23:39:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2011-10-01 23:38:55 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2011-10-01 23:38:49 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2011-10-01 23:38:42 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2011-10-01 23:38:36 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2011-10-01 23:38:32 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2011-10-01 23:38:30 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2011-10-01 23:38:26 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2011-10-01 23:38:23 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2011-10-01 23:38:13 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys

2011-10-01 23:38:07 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys

2011-10-01 23:38:02 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2011-10-01 23:36:57 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll

2011-10-01 23:36:57 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll

2011-10-01 23:36:43 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2011-10-01 23:36:40 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2011-10-01 23:36:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2011-10-01 23:36:23 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2011-10-01 23:36:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-10-01 23:36:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2011-10-01 23:36:07 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2011-10-01 23:36:04 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2011-10-01 23:36:03 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2011-10-01 23:36:00 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2011-10-01 23:36:00 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2011-10-01 23:35:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2011-10-01 23:35:53 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2011-10-01 23:35:50 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2011-10-01 23:35:46 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2011-10-01 23:35:43 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2011-10-01 23:35:11 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-10-01 23:35:08 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2011-10-01 23:35:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2011-10-01 23:35:02 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2011-10-01 23:33:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2011-10-01 23:32:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll

2011-10-01 23:31:59 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys

2011-10-01 23:30:57 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll

2011-10-01 23:29:59 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys

2011-10-01 23:28:59 102484 -c--a-w- c:\windows\system32\dllcache\digiinf.dll

2011-10-01 23:27:59 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll

2011-10-01 23:26:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-10-01 23:25:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2011-10-01 23:24:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-10-01 21:57:09 -------- d--h--w- c:\windows\PIF

2011-10-01 20:54:25 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\WinPatrol

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\ESET

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ESET

2011-10-01 02:42:48 -------- d-----w- c:\program files\ESET

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Temp

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Adobe

2011-09-30 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-09-29 11:01:05 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IECompatCache

2011-09-29 10:50:24 -------- d-sh--w- c:\documents and settings\backup.laptop.000\PrivacIE

2011-09-29 10:48:20 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IETldCache

2011-09-29 10:35:38 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 00:17:22 -------- d-----w- c:\program files\FMS(2)

2011-09-13 22:53:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 22:02:15.87 ===============

attach.zip

ark.txt.zip


I see that you added some entries on the other posting that I had and considered that issue, which is actually this issue, resolved, so I suppose this system is clean and I can turn CD-ROM emulation back on (Defogger)? Please advise.

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

Enable Defogger.

Let me know what issues remain.

-screen317


OK! Everything seems fine. It's just that since this laptop is sorta old and the processor is only 1.6 GHz, it probably takes a good 4 min for everything to load and for the system to finally settle down. I did notice that when removing the printer software (HP) from loading at startup, things did load faster, but I have seen this issue on several older HP software installs and even on faster systems. Other than that, things are OK. Oh! The only other thing is the amount of time going from the loading Windows splash screen to the logon screen; it probably takes more than it should, probably about 30 to 45 seconds. It is that dark screen in between that is annoying. I used to have a tweak somewhere to reduce that amount of time but am unable to come across it for now. Thanks for all of your help, and if there is anything else please let me know.

  • Staff

Hi,

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
