
Can't scan with Avira


This topic is locked. 12 replies to this topic

#1 Kenai

  • Members
  • 77 posts

Posted 27 March 2009 - 01:27 PM

DDS


DDS (Ver_09-03-16.01) - NTFSx86
Run by Tommy at 11:04:28.32 on Fri 03/27/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1518 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tommy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [<NO NAME>]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [<NO NAME>]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll

============= SERVICES / DRIVERS ===============

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

=============== Created Last 30 ================

2009-03-22 17:02 <DIR> --d----- c:\programdata\Eastman Kodak Company
2009-03-22 17:02 <DIR> --d----- c:\progra~2\Eastman Kodak Company
2009-03-22 17:01 636 a------- c:\windows\system32\InstallUtil.InstallLog
2009-03-22 16:40 12,800 a------- c:\windows\system32\EKDeviceServices.dll
2009-03-22 14:43 <DIR> --d----- c:\users\tommy\appdata\roaming\Temp
2009-03-20 15:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-17 23:08 <DIR> --d----- c:\program files\Panda Security
2009-03-10 15:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-10 15:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-10 15:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-10 15:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-10 15:39 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 15:39 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-06 15:58 <DIR> --d----- c:\users\tommy\appdata\roaming\AccurateRip
2009-03-06 15:58 <DIR> --d----- c:\program files\Illustrate
2009-03-06 03:39 <DIR> --d----- c:\users\tommy\appdata\roaming\dyyno-vlc
2009-03-05 23:11 <DIR> --d----- c:\windows\pss
2009-03-05 20:59 <DIR> --d----- c:\program files\Valve

==================== Find3M ====================

2009-03-26 17:59 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-03-22 15:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-22 15:44 51,200 a------- c:\windows\inf\infpub.dat
2009-03-22 15:44 86,016 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:58 13,785 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-03-06 15:57 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-02-18 20:19 138,064 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 20:18 188,848 a------- c:\windows\system32\PnkBstrB.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-01 21:46 70,968 a------- c:\windows\system32\PnkBstrA.exe
2009-01-15 15:23 12,800 a------- c:\windows\help\oem\scripts\HCDownloadApp.exe
2009-01-14 23:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-21 17:14 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-21 17:14 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-28 15:29 22,328 a------- c:\users\tommy\appdata\roaming\PnkBstrK.sys
2008-07-01 19:20 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-20 13:33 0 a------- c:\users\tommy\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-03 16:45 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 11:04:59.97 ===============


I also have the other file it gave me, but it said to zip it up and send it only if asked, so that is ready to go if needed.

#2 Kenai

  • Topic Starter
  • Members
  • 77 posts

Posted 04 April 2009 - 03:52 PM

Don't really want to do this as it's a bump and I know it's against the rules, but seeing as there isn't a "Haven't had a reply in seven days?" thread anymore I have no idea what's up and I can't find a place to post that question on this site =/

#3 KoanYorel

  • Bleepin' Conundrum
  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 05 April 2009 - 04:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Kenai

  • Topic Starter
  • Members
  • 77 posts

Posted 05 April 2009 - 06:40 PM

I understand, no need to explain it to me. I know you are all busy with life on top of helping people with their problems ;) Thank you for the help though.

I just can't access Avira's scanner, and for some reason it gives me the update icon for my OS but I can't click or right-click it, and I don't really know what to do with it, so it's made me kind of concerned.


DDS Log


DDS (Ver_09-03-16.01) - NTFSx86
Run by Tommy at 16:36:46.27 on Sun 04/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2099 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Windows\system32\wusa.exe
C:\Windows\ehome\mcupdate.EXE
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tommy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [<NO NAME>]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [<NO NAME>]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll

============= SERVICES / DRIVERS ===============

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

=============== Created Last 30 ================

2009-04-04 03:05 <DIR> --d----- c:\users\tommy\appdata\roaming\Folding@home-x86
2009-04-04 03:05 <DIR> --d----- c:\program files\Folding@home
2009-04-04 02:55 0 a---h--t c:\windows\wusa.lock
2009-04-04 02:55 <DIR> --d----- C:\7142265b6ed3e536fdca
2009-04-04 00:56 <DIR> --d----- c:\program files\common files\GSplit
2009-04-03 04:03 <DIR> --d----- c:\programdata\kds_kodak
2009-04-03 04:03 <DIR> --d----- c:\progra~2\kds_kodak
2009-03-22 17:02 <DIR> --d----- c:\programdata\Eastman Kodak Company
2009-03-22 17:02 <DIR> --d----- c:\progra~2\Eastman Kodak Company
2009-03-22 17:01 636 a------- c:\windows\system32\InstallUtil.InstallLog
2009-03-22 16:40 12,800 a------- c:\windows\system32\EKDeviceServices.dll
2009-03-22 14:43 <DIR> --d----- c:\users\tommy\appdata\roaming\Temp
2009-03-20 15:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-17 23:08 <DIR> --d----- c:\program files\Panda Security
2009-03-10 15:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-10 15:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-10 15:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-10 15:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-10 15:39 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 15:39 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-04-05 16:31 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-03-22 15:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-22 15:44 51,200 a------- c:\windows\inf\infpub.dat
2009-03-22 15:44 86,016 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:58 13,785 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-03-06 15:57 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-02-18 20:19 138,064 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 20:18 188,848 a------- c:\windows\system32\PnkBstrB.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-01 21:46 70,968 a------- c:\windows\system32\PnkBstrA.exe
2009-01-15 15:23 12,800 a------- c:\windows\help\oem\scripts\HCDownloadApp.exe
2009-01-14 23:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-21 17:14 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-21 17:14 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-28 15:29 22,328 a------- c:\users\tommy\appdata\roaming\PnkBstrK.sys
2008-07-01 19:20 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-20 13:33 0 a------- c:\users\tommy\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-03 16:45 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 16:37:04.30 ===============

Edited by Kenai, 05 April 2009 - 06:42 PM.


#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:45 PM

Posted 05 April 2009 - 07:04 PM

Hello.

I just can't access Avira's scanner, and for some reason it gives me the update icon for my OS, but I can't click or right-click it, and I don't really know what to do with it, so it's made me kind of concerned.

You might want to reinstall it.

I need to check for one last thing. Please run the following scanners.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
    Alternate Download Site 3
  • Unzip/extract the file to its own folder. Right-click and select Extract All...
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will now start extracting.
  • Once it is done, check (tick) the Show extracted files box and click Finish.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Right click on gmer.exe and select Run as administrator to run it. It will start running a scan.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close GMER and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
    • It will start scanning again like before.
    • When it is done, click on Save ... to save the log on your desktop.
      Save the log as GMER.txt when you save it on your desktop.
    • Close GMER and copy and paste the contents of GMER.txt in your next reply.
  • If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do Not run any program while GMER is running

Post back with a new DDS log as well.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.
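GMER reports every hook it can see, whether the owner is a rootkit or a firewall driver, a webcam helper or a game overlay, so the useful work starts after the scan: attributing each hook to the module that installed it and checking that the report's sections agree with one another. The script below is an added example (not GMER's code and not from this thread) that parses the SSDT, kernel code, user-mode .text and IAT entry shapes GMER emits, groups hooks by owning module, decodes the 4-byte kernel patches as little-endian pointers and looks them up among the SSDT hook addresses (the two sections describe the same hook twice: the overwritten table slot and its new target), and flags owners that deserve a closer look before the vendor string is trusted. The sample lines are constructed in GMER 1.0.15's format; the `[EF, BE, AD, DE]` patch is deliberately bogus so one entry stays unmatched.

```python
"""Triage a GMER hook report: attribute every hook to the module that owns it.

Added example, not GMER's code.  GMER lists every hook it can see, whether it
belongs to a rootkit or to a firewall, webcam helper or game overlay, so the
question for the responder is who installed each hook and from where.
"""
import re
from collections import defaultdict

# Sample lines constructed for this example in GMER 1.0.15's report format; the
# "[EF, BE, AD, DE]" patch is deliberately bogus so one entry stays unmatched.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0x9D294B94]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0x9D294640]
SSDT 81175FA8 ZwOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 364 81EC1928 4 Bytes [94, 4B, 29, 9D]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81EC19D0 4 Bytes [40, 46, 29, 9D]
.text ntkrnlpa.exe!KeSetTimerEx + 500 81EC1AC4 4 Bytes [EF, BE, AD, DE]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Media Player\setup_wm.exe[28884] ADVAPI32.dll!RegSetValueExA 7696B8F1 7 Bytes JMP 1004804B C:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02522F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02522D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
"""

HEX = r"[0-9A-Fa-f]+"
TAIL = r"\s+(?P<mod>.+?)(?:\s+\((?P<desc>[^()]*)\))?\s*$"  # hooking module (+ vendor string)
# SSDT <driver path or bare address> <Zw function> [0x<hook address>]
SSDT_RE = re.compile(r"^SSDT\s+(?:\\\?\?\\)?(\S+)\s+(Zw\w+)(?:\s+\[0x(" + HEX + r")\])?\s*$")
# .text ntkrnlpa.exe!Symbol + off addr N Bytes [b1, b2, ...]   (kernel code patch)
KPATCH_RE = re.compile(r"^\.text\s+(\S+!\S+)\s+\+\s+(" + HEX + r")\s+" + HEX + r"\s+\d+\s+Bytes\s+\[([0-9A-Fa-f ,]+)\]")
# .text <process>[pid] <dll!func> addr N Bytes JMP addr <module> (<vendor>)
UHOOK_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<func>\S+!\S+)\s+" + HEX + r"\s+\d+\s+Bytes\s+JMP\s+" + HEX + TAIL)
# IAT <process>[pid] @ <image> [<dll!func>] [addr] <module> (<vendor>)
IAT_RE = re.compile(r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+\S+\s+\[(?P<func>[^\]]+)\]\s+\[" + HEX + r"\]" + TAIL)


def parse_gmer(text):
    """Return (ssdt_hooks, kernel_patches, user_hooks) parsed from a GMER report."""
    ssdt, patches, user = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            target, func, addr = m.groups()
            # A bare 8-hex-digit owner means GMER could not map the hook to a loaded image.
            unresolved = re.fullmatch(r"[0-9A-Fa-f]{8}", target) is not None
            hook_addr = int(addr, 16) if addr else (int(target, 16) if unresolved else None)
            ssdt.append({"module": "<unresolved>" if unresolved else target, "func": func, "addr": hook_addr})
            continue
        m = KPATCH_RE.match(line)
        if m:
            sym, off, blob = m.groups()
            patches.append({"where": f"{sym}+{off}", "bytes": bytes(int(b, 16) for b in blob.split(","))})
            continue
        m = UHOOK_RE.match(line) or IAT_RE.match(line)
        if m:
            user.append({"kind": line.split()[0], "process": m["proc"], "pid": int(m["pid"]),
                         "func": m["func"], "module": m["mod"], "vendor": m["desc"]})
    return ssdt, patches, user


def match_patches_to_ssdt(ssdt, patches):
    """Decode each 4-byte kernel patch as a little-endian pointer and look it up among
    the SSDT hook addresses.  A match means the two sections show the same hook:
    the overwritten table slot on one side, its new target on the other."""
    by_addr = {h["addr"]: h["func"] for h in ssdt if h["addr"] is not None}
    out = []
    for p in patches:
        if len(p["bytes"]) == 4:
            ptr = int.from_bytes(p["bytes"], "little")
            out.append((p["where"], ptr, by_addr.get(ptr)))
    return out


def summarise(ssdt, user):
    """Group hooks by owning module: which SSDT entries, which processes, which APIs."""
    summary = defaultdict(lambda: {"ssdt": set(), "processes": set(), "funcs": set()})
    for h in ssdt:
        summary[h["module"]]["ssdt"].add(h["func"])
    for h in user:
        summary[h["module"]]["processes"].add(f'{h["process"]}[{h["pid"]}]')
        summary[h["module"]]["funcs"].add(h["func"])
    return dict(summary)


def suspicious_modules(summary):
    """Owners that deserve a closer look before the vendor string is trusted:
    unresolved hook owners and modules injected from a temporary directory."""
    return sorted(m for m in summary
                  if m == "<unresolved>" or "\\temp\\" in m.lower() or "\\tmp\\" in m.lower())


if __name__ == "__main__":
    s, p, u = parse_gmer(SAMPLE_GMER_LOG)
    summary = summarise(s, u)
    for mod, e in summary.items():
        print(f"{mod}\n  SSDT: {sorted(e['ssdt'])}\n  processes: {sorted(e['processes'])}")
    for where, ptr, func in match_patches_to_ssdt(s, p):
        print(f"{where}: 0x{ptr:08X} -> {func or 'no SSDT hook at this address'}")
    print("look closer at:", suspicious_modules(summary))
```

Run it against a saved GMER.txt by reading the file into `parse_gmer` instead of the constructed sample. A hook count on its own says nothing; what the summary gives you is a short list of owning modules to verify (signature, install path, matching product on the machine), and an unresolved owner or a module loaded out of a temp directory is where that verification should start.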

#6 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:45 AM

Posted 05 April 2009 - 10:12 PM

Malwarebytes' Anti-Malware 1.35
Database version: 1943
Windows 6.0.6001 Service Pack 1

4/5/2009 6:39:17 PM
mbam-log-2009-04-05 (18-39-17).txt

Scan type: Quick Scan
Objects scanned: 76206
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Once the other scan finishes, I'll post that and a new DDS log.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:45 PM

Posted 06 April 2009 - 07:05 AM

Okay.

Thanks for letting me know.

With Regards,
Extremeboy

#8 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:45 AM

Posted 06 April 2009 - 11:43 PM

22 hours later, GMER scan result x_x


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-06 21:38:24
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0x9D294B94]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAlpcConnectPort [0x9D294516]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject [0x9D294586]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwConnectPort [0x9D2945DA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0x9D294640]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcess [0x9D29472E]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx [0x9D2947BA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThread [0x9D29484A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess [0x9D294980]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDuplicateObject [0x9D2949D4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwLoadDriver [0x9D294A3A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenKey [0x9D294A8C]
SSDT 81175FA8 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenSection [0x9D294AE4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenThread [0x9D294B3C]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory [0x9D294BFA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRestoreKey [0x9D294C58]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwResumeThread [0x9D294CB6]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort [0x9D294D74]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSetValueKey [0x9D294D08]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSuspendProcess [0x9D294DDE]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl [0x9D294E30]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwTerminateProcess [0x9D294E90]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory [0x9D294EF4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThreadEx [0x9D2948EC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateUserProcess [0x9D2946BE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 364 81EC1928 4 Bytes [94, 4B, 29, 9D]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81EC1934 4 Bytes [16, 45, 29, 9D]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81EC1988 4 Bytes [86, 45, 29, 9D] {XCHG [EBP+0x29], AL; POPF }
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81EC19B8 4 Bytes [DA, 45, 29, 9D] {FIADD DWORD [EBP+0x29]; POPF }
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81EC19D0 4 Bytes [40, 46, 29, 9D]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Media Player\setup_wm.exe[28884] ADVAPI32.dll!RegSetValueExA 7696B8F1 7 Bytes JMP 1004804B C:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Windows Media Player\setup_wm.exe[28884] ADVAPI32.dll!RegSetValueExW 7697BA90 7 Bytes JMP 100480F2 C:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Windows Media Player\setup_wm.exe[28884] ADVAPI32.dll!RegSetValueW 7699507C 5 Bytes JMP 10047FAB C:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Windows Media Player\setup_wm.exe[28884] ADVAPI32.dll!RegSetValueA 769D52E1 5 Bytes JMP 10047F0E C:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] kernel32.dll!IsDebuggerPresent 77ECF9C3 6 Bytes JMP 005E37C0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] kernel32.dll!DeviceIoControl 77EDC22F 7 Bytes JMP 0045CA60 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] kernel32.dll!CreateFileW 77EFCC4E 5 Bytes JMP 0045C9D0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] kernel32.dll!CreateFileA 77EFCF71 5 Bytes JMP 0045C9C0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] USER32.dll!ChangeDisplaySettingsExA 768E13E2 5 Bytes JMP 00466060 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] USER32.dll!ChangeDisplaySettingsExW 768FA981 5 Bytes JMP 00466090 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegDeleteKeyW 76969C7E 7 Bytes JMP 0041A030 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegDeleteKeyA 76969D63 5 Bytes JMP 0041A000 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryInfoKeyA 76969E42 7 Bytes JMP 0041A220 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegDeleteValueA 7696A565 7 Bytes JMP 0041A060 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryValueA 7696B1C1 7 Bytes JMP 0041A280 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00419FC0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00419F80 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegSetValueExA 7696B8F1 7 Bytes JMP 0041A3A0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegDeleteValueW 7696BC79 7 Bytes JMP 0041A090 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 0041A180 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegEnumValueA 76970D57 7 Bytes JMP 0041A120 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegEnumValueW 769716D2 7 Bytes JMP 0041A150 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegEnumKeyExA 7697A78C 5 Bytes JMP 0041A0C0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryValueW 7697AF5D 7 Bytes JMP 0041A2B0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00419FA0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegSetValueExW 7697BA90 7 Bytes JMP 0041A3D0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00419FE0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryInfoKeyW 7697C5AF 7 Bytes JMP 0041A250 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 0041A1C0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryValueExA 7697D639 7 Bytes JMP 0041A2E0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 0041A1A0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0041A1F0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegCloseKey 7698F429 7 Bytes JMP 00419F20 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegQueryValueExW 7698F79F 7 Bytes JMP 0041A310 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegEnumKeyExW 7698FAF8 7 Bytes JMP 0041A0F0 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegFlushKey 76993116 7 Bytes JMP 00419F50 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegSetValueW 7699507C 5 Bytes JMP 0041A370 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ADVAPI32.dll!RegSetValueA 769D52E1 5 Bytes JMP 0041A340 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)
.text C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] ole32.dll!CoCreateInstance 767AE188 5 Bytes JMP 0041A500 C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[1232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[1232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[1232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[1232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2224] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2224] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00222D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2224] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00222CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2224] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00222CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02522F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02522D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02522CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02522CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\support\hpsysdrv.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RtHDVCpl.exe[4284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RtHDVCpl.exe[4284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RtHDVCpl.exe[4284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RtHDVCpl.exe[4284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\rundll32.exe[4384] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\rundll32.exe[4384] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\rundll32.exe[4384] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\rundll32.exe[4384] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[4432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00272F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[4432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00272D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[4432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00272CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[4432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00272CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[4748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[4748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[4748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[4748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008B2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008B2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[5316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00132F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[5316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00132D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[5316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00132CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[5316] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00132CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[5832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015A2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[5832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [015A2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[5832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015A2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\hp\kbd\kbd.exe[5832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [015A2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[6628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[6628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[6628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[6628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\setup_wm.exe[28884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [006E2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\setup_wm.exe[28884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [006E2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\setup_wm.exe[28884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [006E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\setup_wm.exe[28884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [006E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[73324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[73324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001C2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[73324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[73324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[80168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CE2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[80168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CE2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[80168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CE2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[80168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CE2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe[88108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe[88108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe[88108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe[88108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[92792] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01BF2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[92792] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01BF2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[92792] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01BF2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[92792] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01BF2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wusa.exe[96400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00422F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wusa.exe[96400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00422D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wusa.exe[96400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00422CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wusa.exe[96400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00422CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe[97160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tommy\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[104032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tommy\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[104032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tommy\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[104032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tommy\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[104032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[110580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F32F30] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[110580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01F32D00] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[110580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F32CA0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[110580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F32CD0] C:\Windows\TEMP\logishrd\LVPrcInj09.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process avwsc.exe (*** hidden *** ) 7788
Process avwsc.exe (*** hidden *** ) 14632
Process hidden process (*** hidden *** ) 20808
Process hidden process (*** hidden *** ) 22572
Process hidden process (*** hidden *** ) 23564
Process avwsc.exe (*** hidden *** ) 27256
Process hidden process (*** hidden *** ) 30864
Process avwsc.exe (*** hidden *** ) 31044
Process hidden process (*** hidden *** ) 31624
Process hidden process (*** hidden *** ) 37652
Process hidden process (*** hidden *** ) 38496
Process wermgr.exe (*** hidden *** ) 38896
Process hidden process (*** hidden *** ) 39228
Process avwsc.exe (*** hidden *** ) 42808
Process avwsc.exe (*** hidden *** ) 43284
Process avwsc.exe (*** hidden *** ) 43320
Process hidden process (*** hidden *** ) 43436
Process hidden process (*** hidden *** ) 44876
Process hidden process (*** hidden *** ) 44880
Process hidden process (*** hidden *** ) 45044
Process avwsc.exe (*** hidden *** ) 45148
Process SearchProtocolH (*** hidden *** ) 46252
Process hidden process (*** hidden *** ) 46932

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM (size mismatch) 51904512/47906816 bytes

---- EOF - GMER 1.0.15 ----


DDS log



DDS (Ver_09-03-16.01) - NTFSx86
Run by Tommy at 21:40:42.05 on Mon 04/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1309 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Windows\system32\wusa.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\ehome\mcupdate.EXE
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\ehome\mcupdate.EXE
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tommy\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [<NO NAME>]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [<NO NAME>]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\users\tommy\desktop\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll

============= SERVICES / DRIVERS ===============

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]

=============== Created Last 30 ================

2009-04-04 03:05 <DIR> --d----- c:\users\tommy\appdata\roaming\Folding@home-x86
2009-04-04 03:05 <DIR> --d----- c:\program files\Folding@home
2009-04-04 02:55 0 a---h--t c:\windows\wusa.lock
2009-04-04 02:55 <DIR> --d----- C:\7142265b6ed3e536fdca
2009-04-04 00:56 <DIR> --d----- c:\program files\common files\GSplit
2009-04-03 04:03 <DIR> --d----- c:\programdata\kds_kodak
2009-04-03 04:03 <DIR> --d----- c:\progra~2\kds_kodak
2009-03-22 17:02 <DIR> --d----- c:\programdata\Eastman Kodak Company
2009-03-22 17:02 <DIR> --d----- c:\progra~2\Eastman Kodak Company
2009-03-22 17:01 636 a------- c:\windows\system32\InstallUtil.InstallLog
2009-03-22 16:40 12,800 a------- c:\windows\system32\EKDeviceServices.dll
2009-03-22 14:43 <DIR> --d----- c:\users\tommy\appdata\roaming\Temp
2009-03-20 15:25 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-17 23:08 <DIR> --d----- c:\program files\Panda Security
2009-03-10 15:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-10 15:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-10 15:39 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-10 15:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-10 15:39 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 15:39 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-04-06 03:49 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-22 15:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-22 15:44 51,200 a------- c:\windows\inf\infpub.dat
2009-03-22 15:44 86,016 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:58 13,785 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-03-06 15:57 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-02-18 20:19 138,064 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 20:18 188,848 a------- c:\windows\system32\PnkBstrB.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-01 21:46 70,968 a------- c:\windows\system32\PnkBstrA.exe
2009-01-15 15:23 12,800 a------- c:\windows\help\oem\scripts\HCDownloadApp.exe
2009-01-14 23:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-21 17:14 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-21 17:14 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-28 15:29 22,328 a------- c:\users\tommy\appdata\roaming\PnkBstrK.sys
2008-07-01 19:20 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-20 13:33 0 a------- c:\users\tommy\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-03 16:45 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-03 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:42:48.56 ===============


Edited by Kenai, 06 April 2009 - 11:44 PM.


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 07 April 2009 - 02:41 PM

Hello.

From the GMER log "avwsc.exe" was "hidden", which is related to Avira.

I would first want you to uninstall Avira. Please run the following tool afterwards and we will continue next post. I need to confirm something.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts

Posted 08 April 2009 - 02:16 AM

Ran into a problem. After I ran ComboFix it closed but didn't restart my computer, so I restarted it manually, and upon logging into my account I couldn't connect to the internet. I tried unplugging, going directly instead of through my router, and resetting my DSL box, but nothing worked, so I restored back to the restore point ComboFix made and I was able to connect to the internet.

This is the log ComboFix made, though I don't know if it has anything to do with whatever happened to my internet (and for that point, wireless still worked: my PS3 could still connect to the internet, and there are no wireless sources other than my router in this area, so it makes me think that for some reason ComboFix deleted or affected some file on my computer that whacked up my internet...)



ComboFix 09-04-04.01 - Tommy 2009-04-07 18:23:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1894 [GMT -7:00]
Running from: c:\users\Tommy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat

----- BITS: Possible infected sites -----

hxxp://download.kodak.com
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-04 03:05 . 2009-04-04 03:08 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Folding@home-x86
2009-04-04 03:05 . 2009-04-04 03:05 <DIR> d-------- c:\program files\Folding@home
2009-04-04 02:55 . 2009-04-04 02:55 <DIR> d-------- C:\7142265b6ed3e536fdca
2009-04-04 02:55 . 2009-04-04 02:55 0 --ah---t- c:\windows\wusa.lock
2009-04-04 00:56 . 2009-04-07 04:36 <DIR> d-------- c:\program files\Common Files\GSplit
2009-04-03 04:03 . 2009-04-03 04:03 <DIR> d-------- c:\users\All Users\kds_kodak
2009-04-03 04:03 . 2009-04-03 04:03 <DIR> d-------- c:\programdata\kds_kodak
2009-03-22 17:02 . 2009-03-22 17:02 <DIR> d-------- c:\users\All Users\Eastman Kodak Company
2009-03-22 17:02 . 2009-03-22 17:02 <DIR> d-------- c:\programdata\Eastman Kodak Company
2009-03-22 17:01 . 2009-03-22 17:02 636 --a------ c:\windows\System32\InstallUtil.InstallLog
2009-03-22 16:40 . 2009-01-19 16:52 12,800 --a------ c:\windows\System32\EKDeviceServices.dll
2009-03-22 14:43 . 2009-03-22 14:43 <DIR> d-------- c:\users\Tommy\AppData\Roaming\Temp
2009-03-20 15:25 . 2009-03-20 15:25 41,808 --a------ c:\windows\System32\xfcodec.dll
2009-03-17 23:08 . 2009-03-17 23:08 <DIR> d-------- c:\program files\Panda Security
2009-03-10 15:39 . 2008-12-15 20:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 15:39 . 2009-02-08 20:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 15:39 . 2008-11-26 21:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 15:39 . 2008-12-15 22:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 15:39 . 2008-12-15 22:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 15:39 . 2008-12-15 22:31 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 01:19 --------- d-----w c:\program files\Steam
2009-04-08 01:18 --------- d---a-w c:\programdata\TEMP
2009-04-08 01:17 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-08 00:07 --------- d-----w c:\programdata\Xfire
2009-04-07 09:44 --------- d-----w c:\users\Tommy\AppData\Roaming\Xfire
2009-03-26 23:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 23:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 21:29 --------- d-----w c:\program files\Java
2009-03-26 12:17 --------- d-----w c:\program files\Xfire
2009-03-23 00:02 --------- d-----w c:\programdata\Kodak
2009-03-22 22:15 --------- d-----w c:\program files\Kodak
2009-03-19 01:44 --------- d-----w c:\program files\Common Files\Steam
2009-03-17 08:52 --------- d-----w c:\program files\Microsoft Works
2009-03-11 10:08 --------- d-----w c:\program files\Windows Mail
2009-03-09 12:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 22:58 --------- d-----w c:\users\Tommy\AppData\Roaming\AccurateRip
2009-03-06 22:58 --------- d-----w c:\program files\Illustrate
2009-03-06 22:57 5,068,152 ----a-w c:\windows\System32\SpoonUninstall.exe
2009-03-06 10:39 --------- d-----w c:\users\Tommy\AppData\Roaming\dyyno-vlc
2009-03-06 10:33 --------- d-----w c:\program files\Dyyno
2009-03-06 06:12 --------- d-----w c:\users\Tommy\AppData\Roaming\Skype
2009-03-06 06:08 --------- d-----w c:\program files\WeGame
2009-03-06 06:07 --------- d-----w c:\users\Tommy\AppData\Roaming\skypePM
2009-03-06 03:59 --------- d-----w c:\program files\Valve
2009-03-05 04:19 --------- d-----w c:\program files\Silkroad
2009-02-27 11:00 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 21:33 --------- d-----w c:\users\Tommy\AppData\Roaming\MSNInstaller
2009-02-24 12:58 --------- d-----w c:\program files\PC Tools Firewall Plus
2009-02-19 03:19 138,064 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-19 03:18 188,848 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-07 02:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-02 04:46 70,968 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-15 22:23 12,800 ----a-w c:\windows\Help\OEM\scripts\HCDownloadApp.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-22 00:14 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-22 00:14 56 ---ha-w c:\programdata\ezsidmv.dat
2008-10-28 22:29 22,328 ----a-w c:\users\Tommy\AppData\Roaming\PnkBstrK.sys
2008-07-02 02:20 2,788,800 ----a-w c:\program files\FLV PlayerFCSetup.exe
2008-06-22 09:36 174 --sha-w c:\program files\desktop.ini
2008-02-20 20:33 0 ----a-w c:\users\Tommy\AppData\Roaming\wklnhst.dat
2008-10-03 23:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-03 23:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-03 23:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 224248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-01-28 2652056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Conime"="c:\windows\system32\conime.exe" [2008-01-19 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-03-20 3025232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WeGame.lnk
backup=c:\windows\pss\WeGame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Tommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-21 14:07 2752512 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
--a------ 2008-10-22 06:54 1310720 c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-06-01 14:40 1783400 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-02-13 14:02 564496 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-02-13 14:06 2196240 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-10-29 19:39 25798440 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-09-27 21:53 3497208 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C611B3C-D177-4996-849B-A288C618A156}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D0404057-C537-468E-908D-46A749EE1209}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E4AE6C63-0957-4C9B-8EB8-2727AE40DEE8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{25BEE528-BF7C-44D4-83A8-96347A367CB3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F45B792-EA8E-4952-BA08-597AD42F305E}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2ACCC09E-D5C4-4D49-ADEA-7A8A27102D07}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{17ED07BA-29AC-4A63-95DB-F5B46621ABB3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2A36A2F5-A714-46E9-B2FA-AC1C65D7166E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{D6F9D53A-53E1-473C-AA2B-7D79A47DDAE5}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"UDP Query User{B6234706-940D-41F9-BD25-4ADDEE963760}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"TCP Query User{E24DCCBC-6242-4EB4-966D-7FA028A3DC9B}c:\\program files\\steam\\steamapps\\iccold\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base\hl2.exe:hl2
"UDP Query User{2A1E15D6-A140-4259-8344-C0C7F08FD5E8}c:\\program files\\steam\\steamapps\\iccold\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base\hl2.exe:hl2
"TCP Query User{5BCBD66A-5D43-4456-9088-0FCED86EA211}c:\\program files\\steam\\steamapps\\iccold\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\counter-strike source\hl2.exe:hl2
"UDP Query User{E2B859A0-32EE-4FE0-BC3F-A3E339D62A6A}c:\\program files\\steam\\steamapps\\iccold\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\counter-strike source\hl2.exe:hl2
"TCP Query User{640409D9-7CC0-42DB-9AB3-D1CD7D1933E8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9FC8B161-1DA4-447C-BB1E-E4C0592115AC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{A3C5B5FB-6D3F-4809-BA01-C6029FBE2DF1}c:\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{22026C8B-0F8B-4E43-BA50-E18DB7493BE4}c:\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{27CB701F-2605-47BA-972C-49D099C20140}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{CAEC1498-4346-43E2-A1EF-B05E23DF7167}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{9076F437-F0DE-4946-9CDF-3A6616883606}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"UDP Query User{876F7226-24A9-4A3E-B66B-00350FC54D34}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"TCP Query User{9C2470A6-1FDC-4C2D-8DE0-C966EB39A680}c:\\program files\\steam\\steamapps\\iccold\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\iccold\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{8C79832E-F49F-4425-A580-0C2F9DBE1449}c:\\program files\\steam\\steamapps\\iccold\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\iccold\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A5EBC3FA-4751-480C-B2F1-6FE92160A9D1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3F9BD9C8-D710-4043-82B8-AA5F2DDCC04E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{140D6934-6889-492B-B652-9156EB89EB6E}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{05653963-3AA7-4DDF-B044-F5F244B2F3DE}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{033AAD8D-D271-46AC-99C0-F2F1D732048A}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"UDP Query User{DF9ECA62-9D18-4153-B07E-1BB90AA69E44}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"TCP Query User{0D205042-D627-4D6F-AA31-D692C13F1143}c:\\program files\\steam\\steamapps\\iccold\\synergy dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy dedicated server\srcds.exe:srcds
"UDP Query User{AA150651-726A-4327-816F-0770A1982FC7}c:\\program files\\steam\\steamapps\\iccold\\synergy dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy dedicated server\srcds.exe:srcds
"TCP Query User{686E686D-A377-46C7-9AF8-633CB3DDB868}c:\\program files\\steam\\steamapps\\iccold\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\zombie panic! source\hl2.exe:hl2
"UDP Query User{74696934-97F5-4266-98DD-37D4989A8B8E}c:\\program files\\steam\\steamapps\\iccold\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\zombie panic! source\hl2.exe:hl2
"TCP Query User{1E77DDCB-7BD2-4A89-BC13-257B04E829B7}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{EBA4F0EC-14EA-4C18-985C-2D44B76944F7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0A71FF55-03CF-46A4-9A6D-710B10FC1C50}c:\\program files\\steam\\steamapps\\iccold\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{8B166DAA-6E01-4AA6-83E8-BE5C7BF39D19}c:\\program files\\steam\\steamapps\\iccold\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{5E30D45D-0B87-49FF-95DE-91B777818DF6}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{EE904E4D-5429-4E97-8527-FC2F7A3C1AE7}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{E4B3E022-2E56-4EB0-BC9F-9FBD080FA72B}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"UDP Query User{294A6764-A87A-45C9-9053-D796BC866023}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"TCP Query User{72A31B58-197A-467A-9EDB-8A2071131B11}c:\\users\\tommy\\appdata\\local\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{8121212B-AF04-4C26-B66B-CAAA8CAA4946}c:\\users\\tommy\\appdata\\local\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"{879FA604-87C5-4C4C-811A-41DB0591D523}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{84142A54-8234-4601-A506-2D718E7247D1}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6A3D0481-1EC9-4CA1-BF91-7CDFDEA828D3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{36975C79-D7E0-4BEE-9CE9-A71280CF0A93}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{32A81190-16B4-4575-821B-028B4E533D40}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A92F556C-3E08-400C-B2F5-950A858A408F}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{7EEFE5A5-9EC3-4DBB-BF4B-8B8294F63D70}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{44313C78-AE42-4C15-880F-E68CA21013CC}c:\\program files\\steam\\steamapps\\iccold\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\iccold\half-life\hl.exe:Half-Life Launcher
"UDP Query User{FF58F9DD-968E-4195-9B95-50DD887A2109}c:\\program files\\steam\\steamapps\\iccold\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\iccold\half-life\hl.exe:Half-Life Launcher
"TCP Query User{15BE9C07-FFF8-474D-9B88-643D769F3BBF}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{185DEFC6-E268-418B-8A15-607073F893DA}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{DBA4933D-D4E4-4F62-86DF-C07C5FD17634}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"UDP Query User{800DD68B-22A1-4AEA-BCBA-6F91CB3EB339}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"TCP Query User{06E50A0A-795B-468F-9EA9-03E5179DCA8A}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"UDP Query User{B36087EE-6D6E-492F-BCC2-A5A2EFA63741}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"TCP Query User{6E96FEE7-9D31-4D63-AE0C-9DA3324C6C31}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{E582F4E5-BA8B-41DB-A2E9-147CE1451A67}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{735AF730-01FD-40B5-8F23-8F0B3EB1365C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D62AA00-2B7A-41C7-B058-170028043D0E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{72A3FBDF-29DB-4F80-BD31-66253CED0377}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"UDP Query User{5B91F2F7-E0C2-468D-A554-67491B79D5ED}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"TCP Query User{B2AFEC76-08B8-43FA-9837-AE42F48EE7A3}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"UDP Query User{62912BDE-4526-4823-9437-470DB37140A6}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"TCP Query User{301BC52E-AE83-40FE-BA5F-450C313C01E3}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{1D6D180D-2DA3-418A-9423-CDCF4ACD7C93}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{7B2E91E7-A58D-4DC4-9037-83DB7B6ADC53}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{8D96753C-AFC9-4014-83F0-3ADA885402D3}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"{18989265-632D-4C15-827E-449A8A123A03}"= UDP:80:ps3 port1
"{ECCB3A24-C2BB-4CFF-94C2-306002452092}"= UDP:443:ps3 port 2
"{1819A44B-7506-46FC-907D-762AC6957527}"= UDP:5223:ps3 port 3
"{099F491E-762C-433F-A971-BB709C108978}"= TCP:3478:ps3 port 4
"{6883277B-9FA3-4A83-9746-1355C73419F6}"= TCP:3479:ps3 port 5
"{3D04B168-E2D6-42CB-A7DB-ACFDF7BA53E0}"= TCP:3658:ps3 port 6
"{A8A45341-E65F-4869-B555-34D1C347DDD9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE239778-01C2-4752-B947-77E90B9260CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{225EE5CA-AD71-4B49-8980-46D7D5D28B8C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2B4ACA0E-3557-4014-8669-AE492726674F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{48A3B101-9A66-4ED3-999F-46A20E6CE887}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{8D0F8420-30D0-4C65-BCCC-EC09B884AF28}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{97F3AFAA-29C8-4DBB-B719-7AA10F80BC72}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{B92CEBA2-D5CA-4AF4-B076-2CF9F230A10A}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{7D01B4BD-E1C5-474D-8BB3-E8D76F2726F1}"= UDP:9322:EKDiscovery
"{79427473-3E59-4AF8-8E18-19F6F213C451}"= UDP:9323:EKDiscovery

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [2009-01-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [2009-01-19 38296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\User_Feed_Synchronization-{B213D993-DC23-4111-ACBE-1D2D4BE08E56}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 18:28:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-07 18:30:50
ComboFix-quarantined-files.txt 2009-04-08 01:30:48

Pre-Run: 267,122,094,080 bytes free
Post-Run: 268,233,793,536 bytes free

375 --- E O F --- 2009-04-07 11:43:28

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 08 April 2009 - 03:09 PM

Hello.

Regarding the internet connection try one/all of the methods below and see if you get it working again.

•Manually reboot the computer.
•Disabling/re-enabling the network connection
•Going to Control Panel > Network Connections and enabling it.
•Right click on Network icon in the notification area in the lower right corner of Desktop & select "Repair".

Please install the free version of Avira again from over here.

Then update it and run a scan with it.

Post back with the results once it's done. Post back with a pair of new DDS logs as well. Any particular problems you still have?

With Regards,
Extremeboy

Edited by extremeboy, 08 April 2009 - 03:12 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 11 April 2009 - 09:36 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 PM

Posted 13 April 2009 - 12:29 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy
