
Fed up with an "infection" of 4+ yrs


  • This topic is locked
19 replies to this topic

#1 QuillNib

QuillNib

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:27 PM

Posted 17 January 2011 - 12:12 AM

Hi everyone! Being a good site that comes up a lot on google searches, I've often perused or come upon this site as I've searched for help on various issues I've had through the years. Finally, I come to you as a registered user with my own plea for help. Hopefully I can get to the bottom of this. I work on the computer for what I'm hoping to be my career so I need a stable computer. I am currently setting up an isolated system that will have my required software and nothing else, but I'd like to see if I can find a resolution to this.

There will be a LOT of background here but I figured I need to get everything out so it's understood what I've been dealing with and what I've done. So I hope you can be patient and get a good read....and hope I can finally get an answer, else I succumb to accepting I have to deal with this forever on at least 1 computer because humans from the future or aliens are using my computer and I can't do anything about it. :(

My problem is one of sporadic, random onsets of sluggishness, marked by slow, steady, ticking hard drive activity.

* * *


To try to sum this up as quickly as possible I've had this problem for over 4 years. Started on a now 7-yr old XP computer, thought it was a bad hard drive (from the best majority guess of various people), so I bought a new one, but the problem reappeared (though the old HDD's SMART is indeed tripped). I then got a new computer (the current Win 7 one; specs in profile) and the problem came back.

My only suspicion of how it gets transferred is through USB connection and does not require any specific program to be run. The first time I wiped my Win 7 computer, I forgot to disable autorun and when I connected my external hard drive with most of my data, both the external and the computer's hard drive were clicking with activity even after I stopped the autorun's scan. It kept going on for many minutes and would not let me eject it because it was in use. And it DID get slow and stayed like that for like 10 minutes, even after d/c the HDD "unsafely." Maybe it was indexing or something, but I was pretty sure all those funky settings about indexing or whatever were off. Either way, a few days later, the problem came back AND, even before it fully re-appeared, there was a small but noticeable drop in speed after connecting my hard drive. It was still fast and worked nicely, but having used it for a few days after wiping, I could tell it ran noticeably slightly slower and stayed that way - even though all I did was plug and unplug that HDD. That is not the only time it happened; there were other instances of plugging that HDD in or one of my flash drives, and immediately the computer got slow, and would never fully go back to the old, newly-wiped speed.

When the symptom comes up, the hard drive does this continuous, steady clicking, and once in a while throws in a few fast ones and drum rolls. All programs and windows act really slow. Open a browser tab, minimize a program, restore it, close a windows explorer, they may take 10 - 30 seconds to react after clicking. There will be little moments when it's smooth and I can browse the internet for a bit, but it doesn't last more than a minute maybe and it's back to 10+ second lag. After some weeks or a couple of months, the C partition free space starts being eaten away - only C. Without explanation it is drained until it shows you it has 0 KB free. At first, once the sluggishness breaks, the space is restored. After a few more times though, the space is not recovered. I once freed up 500 MB and watched it fall to 0 KB within 3 minutes. I checked task manager, checked most recently changed files, checked event viewer...nothing was off. The space mysteriously disappeared - a total of 2GB before I stopped bothering to free up more space; this is when I moved my temp folders to the D partition. Then after some time more, a month more or so, it gets really bad, so that I had some moments of (barely) tolerable slowness, and then everything stops responding and it can take 5 - 10 minutes for it to unfreeze. The clicking and slowness takes anywhere from a few hours to 3 days to "run its course" and finally break and bring the computer back to normal speed. Restarting the computer or having the internet / network cables disconnected makes no difference. I have to let it be until the computer decides to go back to normal. I can have anywhere from a week to a month of normalcy before I get hit again.

When it's slow, checking performance in task manager shows it is the CPU that is affected, at 99 or 100% usage.

In the Win XP PC, the problem could go even further. Once the 2 hour - 3 day slow period comes around, startup programs start failing from DLL loading or missing DLL errors, on anything from AVG to print services. Some DLLs reported missing have names of random alpha-numeric characters. Then the windows shell skin/theme breaks and I get the Windows 98 look or a few random graphics bugs. Finally, the profile is killed, forcing me to log into the "default profile" because the profile data in the registry is corrupted. Other user profiles were ok, but when I started using them, even with only basic usage like word and (safe!) internet use, the user profile slowly began to show the same symptoms. I never allowed it to get to the profile-breaking level again; I'd do a wipe once I got to the potential 3 day lag period. Usually takes 6 months to get this bad.

On my Win 7 computer, it has gotten to that 3 day period once (was actually 4 days), but it doesn't seem to get worse than that (or maybe I just don't wait that long). The worst that happens is my printer spool fails on startup. The 0 KB issue also does not occur. I THINK I saw it happen once - I can't remember for sure which hard drive - but it only lasted a few minutes and didn't happen again. So far the 0 KB issue has not returned.

It's possible that when my XP registry got corrupted, it was in fact due to the hard drive going bad. But the fact that I've also had the printer spooler fail on my Win 7 PC, and possibly one or two curious start up errors I'm not remembering at the moment, makes me suspect the registry problem was related, but I don't know. That hard drive acts slow and I don't use it since - like I said - SMART is tripped, but all the data seems intact and the only issue I've really had is what I reported above as what seemed like the progression of the problem.

Total, this has happened over 2 computers (and possibly my laptop, now dead from unrelated issue), and thus 3-4 different system hard drives.

Whenever I say the problem "comes back," I mean it comes back AFTER reformatting the affected system hard drive. Only the last 2 times have I done full formats on ALL my hard drives, keeping autoplay disabled as I shifted files around.

* * *


I've asked everyone I can and have done nearly everything short of handing my computer over to someone else to look at it and use it or paying for "pro" treatment, which I've always believed can't be anything more special than anything I or my tech-ier friends can do. I've asked my expert friends, the IT heads at my university, the more knowledgeable employees at Circuit City and Staples, HP and Sony online chat tech support, posted on a certain gamers forum and at lockergnome forums. Over the years I've tried Avira, a2, AVG, AdAware, Spybot, MalwareBytes, Bazooka Scanner, always ran 2 firewalls (I only remember 1 was sygate) + windows firewall if available on XP. I've personally, manually clicked through EVERY SINGLE FOLDER on my computer, personally eyeing EVERY SINGLE FILE on my computer (showing all system and hidden files) at least 4 times to look for any file or folder that seemed suspicious. I've had autoplay disabled, autoruns on external hard drives killed/disabled, full formats on all hard drives. Yes, people have ideas, but nothing works and they ALL end up baffled. Yes, the malware scanners find some things here and there, sometimes some major problems earlier on, but my problem always comes back.

I am totally baffled. As my boss at my university says, the truth should be that it doesn't matter AT ALL what infection I have, no matter how nasty or hidden or advanced or deeply-rooted or whatever - you don't even need so many years before every well known malware scanner knows about it and knows how to find it - and usually remove it. And if it's not in files, wipes should destroy it. It's like my only last resort is a scorched earth. Activate the Halo rings, destroy the universe and all data, and start anew!

I WILL admit that as far as I know there is ONE thing I still have not done - removing some potentially suspicious files. I have a couple of no-CD cracks for games I own and a DRM ripper that only works on music you legally own and have licenses for. Despite being the only thing I can see as remotely possible of being problematic, I've checked them out and they're "trusted" and I don't see anyone having a problem with them. Moreover, I hadn't run them at all before the last couple of times I've had issues, and I'm nearly 100% sure I got these long after I first started having these issues.

If this "infection" came from unsafe internet use, I'm sure it was from earlier, more fitting the 4 - 5 year timeframe when I first started experiencing problems. I didn't know much back then and did some torrents and stuff that are long gone and deleted now. Regardless, it frustrates me because, as I said, I'd think the way malware and malware scanners work, ANYTHING, any remnants I could have, should be removable and fixable, right? So what's going on???? :wacko:

* * *


Today, my Win 7 computer began exhibiting the symptoms again when I JUST wiped ALL my hard drives, carefully moving things around to wipe each one, just a few weeks ago. I only had windows explorer and firefox open and everything was taking 10 - 30 seconds to react. I ran a hijackthis. Does anyone see anything strange here????

Attached File: hijackthis QuillNib 1-16-11.log (9.38KB, 3 downloads)

Edited by boopme, 17 January 2011 - 10:42 AM.
Moved to appropriate forum



#2 QuillNib

QuillNib
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:27 PM

Posted 17 January 2011 - 12:15 AM

Why can't I delete my own topic? <.<

I was so focused on typing up my message it slipped my mind to put this in the right forum. Sorry mods..and is there a delete button I'm not seeing?

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:27 PM

Posted 17 January 2011 - 12:38 AM

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!



#4 QuillNib

QuillNib
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:27 PM

Posted 22 January 2011 - 06:31 PM

Thanks for the reply, I am doing this now. I have done what I can of the steps and am ready to make my new post.

Shall I link to this topic in lieu of a full message, or might it be better to just copy everything to that one and forget about this one?

#5 QuillNib

QuillNib
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:27 PM

Posted 13 February 2011 - 02:46 AM

Well, since this was already moved, I figure I'll just keep posting in this topic. Here's the DDS.txt and Attach.txt. No GMER log because this is Win 7 64 bit.

As I've said before, this is an intermittent issue. Since I first posted, it actually has not happened again. *shrugs*


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Rhoi at 18:26:02.60 on Sat 01/22/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6140.3781 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Rhoi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Program Files (x86)\Xfire\Xfire.exe
D:\Program Files (x86)\Xfire\xfire64.exe
D:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rhoi\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Rhoi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
StartupFolder: C:\Users\Rhoi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rhoi\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Rhoi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - D:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: {DLL_Str}
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [lxdwmon.exe] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"
mRun-x64: [lxdwamon] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe"
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
AppInit_DLLs-X64: {DLL_Str}
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Rhoi\AppData\Roaming\Mozilla\Firefox\Profiles\721opeon.default\
FF - component: C:\Users\Rhoi\AppData\Roaming\Mozilla\Firefox\Profiles\721opeon.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\Rhoi\AppData\Roaming\Mozilla\Firefox\Profiles\721opeon.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Rhoi\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-12-22 69152]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-11-20 21544]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-25 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-25 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-25 83120]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\GIGABYTE\EasySaver\essvr.exe [2010-11-20 68136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1402272]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-12-13 72216]
R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-22 1153368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-20 347680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdwserv.exe [2010-12-31 33960]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-11-20 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-11-20 30528]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2010-12-26 48200]

=============== Created Last 30 ================

2011-01-22 03:04:55 -------- d-----w- C:\PROGRA~3\Xfire
2011-01-22 03:04:50 -------- d-----w- C:\Users\Rhoi\AppData\Roaming\Xfire
2011-01-22 01:03:14 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B1A297BA-9284-49BB-AF85-A30ACE1B24F4}\mpengine.dll
2011-01-19 06:15:59 -------- d-----r- C:\Users\Rhoi\Podcasts
2011-01-19 06:13:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2011-01-19 06:13:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2011-01-19 06:13:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2011-01-19 06:13:05 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2011-01-19 06:13:03 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2011-01-19 06:13:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2011-01-19 06:12:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2011-01-19 06:10:55 758272 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
2011-01-19 06:10:55 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-01-06 06:53:13 -------- d-----r- C:\Users\Rhoi\Dropbox
2011-01-06 06:51:33 -------- d-----w- C:\Users\Rhoi\AppData\Roaming\Dropbox
2011-01-05 21:46:40 -------- d-----w- C:\Users\Rhoi\AppData\Roaming\Local
2011-01-05 21:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-01-05 21:45:57 -------- d-----w- C:\Program Files\DivX
2011-01-05 21:45:37 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-01-05 21:31:51 -------- d-----w- C:\Program Files (x86)\DivX
2011-01-05 21:29:34 -------- d-----w- C:\PROGRA~3\DivX
2011-01-04 04:21:31 -------- d-----w- C:\NVIDIA
2011-01-04 03:15:52 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-02 19:27:50 -------- d-----w- C:\Program Files (x86)\Veoh Networks
2011-01-01 08:11:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-01-01 08:11:37 -------- d-----w- C:\Program Files (x86)\Real Alternative
2011-01-01 00:10:36 -------- d-----w- C:\PROGRA~3\App4rTemp
2010-12-31 23:57:35 -------- d-----w- C:\PROGRA~3\Lexmark 7600 Series
2010-12-31 23:54:26 -------- d-----w- C:\Users\Rhoi\AppData\Roaming\Lexmark Productivity Studio
2010-12-31 23:52:17 186880 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdwdrpp.dll
2010-12-31 23:50:55 987648 ----a-w- C:\Windows\System32\lxdwpmui.dll
2010-12-31 22:28:03 745984 ----a-w- C:\Windows\System32\lxdwcoin.dll
2010-12-31 22:28:03 1462272 ----a-w- C:\Windows\System32\lxdwg.dll
2010-12-31 22:28:00 -------- d-----w- C:\drivers
2010-12-31 21:38:08 -------- d-----w- C:\logs
2010-12-31 21:36:18 69632 ----a-w- C:\Windows\SysWow64\lxdwcnv4.dll
2010-12-31 21:36:18 65536 ----a-w- C:\Windows\System32\lxdwcfg64.dll
2010-12-31 21:36:18 54784 ----a-w- C:\Windows\System32\lxdwcnv464.dll
2010-12-31 18:23:59 -------- d-----w- C:\Program Files (x86)\Lexmark Toolbar
2010-12-31 18:23:55 -------- d-----w- C:\Program Files\Lexmark Printable Web
2010-12-26 23:53:53 -------- d-----w- C:\Program Files (x86)\iCare Data Recovery
2010-12-26 08:32:42 -------- d-----w- C:\Users\Rhoi\AppData\Local\ElevatedDiagnostics
2010-12-26 07:51:18 -------- d-----w- C:\Users\Rhoi\dwhelper
2010-12-26 07:34:59 48200 ----a-w- C:\Windows\System32\drivers\ymidusbx64.sys
2010-12-26 07:34:59 111176 ----a-w- C:\Windows\System32\xgusbx64.cpl
2010-12-24 21:11:38 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter
2010-12-24 21:03:42 -------- d-----w- C:\Program Files (x86)\Free Convert M4A to MP3 AMR OGG AAC Converter
2010-12-24 21:03:25 164352 ----a-w- C:\Windows\SysWow64\unrar.dll
2010-12-24 21:03:24 860160 ----a-w- C:\Windows\SysWow64\lameACM.acm
2010-12-24 21:03:24 755027 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-12-24 21:03:24 3596288 ----a-w- C:\Windows\SysWow64\qt-dx331.dll
2010-12-24 21:03:24 217088 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2010-12-24 21:03:24 159839 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2010-12-24 21:03:24 118784 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2010-12-24 21:03:23 7680 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-12-24 21:03:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-12-24 21:03:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-12-24 20:41:46 -------- d-----w- C:\Program Files (x86)\FFmpeg for Audacity
2010-12-24 19:43:23 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2010-12-24 19:15:04 64 --sha-r- C:\Windows\558A584EAD538704.bin
2010-12-24 19:13:24 -------- d-----w- C:\Program Files (x86)\DV Capture

==================== Find3M ====================

2011-01-22 00:51:38 25640 ----a-w- C:\Windows\gdrv.sys
2010-12-22 05:35:06 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-10 06:31:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-08 18:12:30 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 18:12:18 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-12-08 18:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-03 09:05:34 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-12-03 09:05:33 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-11-29 05:02:15 30528 ----a-w- C:\Windows\GVTDrv64.sys
2010-11-26 07:27:46 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-21 01:10:01 25640 ----a-w- C:\Windows\etdrv.sys
2010-11-20 22:57:11 0 ----a-w- C:\Windows\ativpsrm.bin
2010-11-12 00:44:54 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2010-11-08 06:20:24 89088 ----a-w- C:\Windows\MBR.exe
2010-10-27 09:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 08:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 08:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 07:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 07:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 07:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 07:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 07:52:14 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 07:51:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 07:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 07:50:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 07:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 07:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 07:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 07:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 07:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 07:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 07:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 07:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 07:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 07:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 07:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 07:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 07:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 07:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 07:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 07:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 07:14:58 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 07:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 07:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 07:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 07:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 07:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 07:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 07:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 07:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 07:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 07:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 07:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 07:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 06:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 06:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

============= FINISH: 18:26:46.81 ===============


Attached File: Attach.txt (6KB)

Edited by QuillNib, 13 February 2011 - 02:47 AM.


#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 01 April 2011 - 01:56 PM

Hello and once again, I'm very sorry for the delay. Your topic was unintentionally overlooked.

Since some time has passed, can you please give me an update on the situation and post me a new DDS log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 06 April 2011 - 06:53 AM

Hi, are you still there?

regards, Elise




#8 QuillNib

  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male

Posted 09 April 2011 - 09:17 PM

Thanks for the reply, and sorry, I've been busy with school. I have to check back here by my own will since this account is not attached to an email address I don't check much.

Situation never changes. :P It's the same; it kicks back in every so often. The slowness has happened 2 - 3 more times since I posted on this topic.

DDS:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Quill at 21:51:28.02 on Sat 04/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6140.1976 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Quill\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
D:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
D:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quill\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Quill\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [QQ2009] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Quill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Quill\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Quill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - D:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: {DLL_Str}
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [lxdwmon.exe] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"
mRun-x64: [lxdwamon] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe"
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
AppInit_DLLs-X64: {DLL_Str}
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Quill\AppData\Roaming\Mozilla\Firefox\Profiles\721opeon.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Quill\AppData\Roaming\Mozilla\Firefox\Profiles\721opeon.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: C:\Users\Quill\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-12-22 69152]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-11-20 21544]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-25 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-25 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-25 83120]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\GIGABYTE\EasySaver\essvr.exe [2010-11-20 68136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1753048]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-12-13 72216]
R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-8 2647552]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-22 1153368]
R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2010-11-3 25720]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-20 347680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 136176]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdwserv.exe [2010-12-31 33960]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;D:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [2010-4-23 87336]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-11-20 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-25 1315592]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-11-20 30528]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]
S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-2-1 94472]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2010-12-26 48200]

=============== File Associations ===============

txtfile=C:\Windows\notepad.exe %1

=============== Created Last 30 ================

2011-04-09 14:52:59 8424784 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{52B48B25-7B80-48BC-8E82-1E1C113E3103}\mpengine.dll
2011-04-09 14:43:52 -------- d-----w- C:\Users\Quill\AppData\Local\{97C42683-77B2-4C29-AA43-4368CC2ED156}
2011-04-08 19:55:30 -------- d-----w- C:\Users\Quill\AppData\Local\{01F2749A-82E6-4B2A-9D90-04B92DAFA08B}
2011-04-08 00:35:41 -------- d-----w- C:\Users\Quill\AppData\Local\{6B9E054E-E1A4-4004-ADBC-90466A9A620B}
2011-04-07 02:21:35 -------- d-----w- C:\Users\Quill\AppData\Local\{3C6A437F-A2DA-4F31-BC91-629F344EF087}
2011-04-06 13:53:43 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C82B3ED2-A97C-452A-A935-9A0EF4DA56E5}\gapaengine.dll
2011-04-06 13:43:18 -------- d-----w- C:\Users\Quill\AppData\Local\{1504633A-E062-44C3-AD78-D6EA7369577B}
2011-04-06 05:38:04 -------- d-----w- C:\Users\Quill\AppData\Roaming\AccurateRip
2011-04-06 05:38:03 6814952 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-04-06 05:32:33 -------- d-----w- C:\Users\Quill\AppData\Roaming\AnvSoft
2011-04-06 00:14:09 -------- d-----w- C:\Users\Quill\AppData\Local\{8F7D0E4E-C5F4-4E5F-829D-281DFF5AEEEE}
2011-04-05 03:28:57 -------- d-----w- C:\Users\Quill\AppData\Local\{E6175B65-411A-4091-9704-A290E8EC0F67}
2011-04-04 07:39:23 -------- d-----w- C:\Users\Quill\AppData\Local\Apple Computer
2011-04-04 04:06:18 -------- d-----w- C:\Users\Quill\AppData\Local\{0BD7198C-F0D9-4CB2-B18B-87ED639520CE}
2011-04-03 16:05:17 -------- d-----w- C:\Users\Quill\AppData\Local\{B79B5B14-47F2-4BB4-AEDF-F282F3EAF1AF}
2011-04-03 03:27:03 -------- d-----w- C:\Users\Quill\AppData\Local\{BBD56B91-A06E-4812-BB62-0820E56844F9}
2011-04-02 15:26:11 -------- d-----w- C:\Users\Quill\AppData\Local\{670B58E6-2229-49D6-BD6F-4FE2D3D38758}
2011-04-01 15:58:32 -------- d-----w- C:\Users\Quill\AppData\Local\{F031849A-FC88-4E47-B8EF-417E829D573C}
2011-04-01 03:25:53 -------- d-----w- C:\Users\Quill\AppData\Local\{26F47486-67BB-484E-A610-70E305BF2936}
2011-03-31 15:25:26 -------- d-----w- C:\Users\Quill\AppData\Local\{A42C04FE-80A3-4DF4-9DB6-0D605910A245}
2011-03-31 02:05:54 -------- d-----w- C:\Users\Quill\AppData\Local\{36137503-766D-49FA-98FF-4CF8D0A1CC04}
2011-03-30 14:05:18 -------- d-----w- C:\Users\Quill\AppData\Local\{CC748317-C488-41A5-B10E-73071A78E2FE}
2011-03-30 02:04:50 -------- d-----w- C:\Users\Quill\AppData\Local\{F9C6DE82-E655-42F7-BA4A-719BFB07A3AB}
2011-03-29 02:43:44 -------- d-----w- C:\Users\Quill\AppData\Local\{C7938646-1F19-4D97-BEBE-3BC5065B6E04}
2011-03-28 14:10:47 -------- d-----w- C:\Users\Quill\AppData\Local\{27803288-289E-48C5-ACB8-D83634FE44E0}
2011-03-27 20:30:52 -------- d-sh--w- C:\found.000
2011-03-27 14:11:28 -------- d-----w- C:\Users\Quill\AppData\Local\{30FEE639-669F-43B5-B16C-E0A79D04E8B0}
2011-03-27 05:41:50 -------- d-----w- C:\Users\Quill\AppData\Local\Apple
2011-03-26 21:56:59 -------- d-----w- C:\Users\Quill\AppData\Local\{DF36C08A-1B4D-4066-A3DE-E994CC05523D}
2011-03-26 09:56:36 -------- d-----w- C:\Users\Quill\AppData\Local\{89EB8907-E2DA-48BE-8FE3-44FB755F8345}
2011-03-26 02:40:50 -------- d-----w- C:\Users\Quill\AppData\Roaming\SolidWorks 2010
2011-03-26 02:08:06 -------- d-----w- C:\PROGRA~3\COSMOS Applications
2011-03-26 01:55:54 -------- d-----w- C:\Users\Quill\AppData\Local\TempSWBackupDirectory
2011-03-25 23:50:05 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-03-25 23:41:57 -------- d-----w- C:\Program Files (x86)\SolidWorksx86
2011-03-25 23:41:16 -------- d-----w- C:\Program Files\Common Files\SolidWorks Shared
2011-03-25 23:41:15 -------- d-----w- C:\PROGRA~3\SolidWorks
2011-03-25 23:39:05 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2011-03-25 22:12:32 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 21:56:23 -------- d-----w- C:\Users\Quill\AppData\Local\{7DC74FD6-C799-400C-85CC-8B5939A09724}
2011-03-25 04:56:25 -------- d-----w- C:\Users\Quill\AppData\Local\{02E75E8A-4CA3-4744-97EE-10FE3DEDB1E1}
2011-03-24 16:54:32 -------- d-----w- C:\Users\Quill\AppData\Local\{EDD7D2C0-375B-4FE6-8D42-BBA553DCAA3F}
2011-03-24 02:54:27 -------- d-----w- C:\Users\Quill\AppData\Local\{8EC78C4A-451D-4A1C-AFFA-188A637C82F2}
2011-03-23 13:45:29 -------- d-----w- C:\Users\Quill\AppData\Local\{C3459D1D-30E4-4EF5-8232-9F3E0F0A22C3}
2011-03-23 00:52:58 -------- d-----w- C:\Users\Quill\AppData\Local\{F3D16AD6-7397-4AF6-A649-86EBF988CD3E}
2011-03-22 02:29:29 -------- d-----w- C:\Users\Quill\AppData\Local\{96342DF5-C183-413F-BB3B-6A7430FCC644}
2011-03-21 05:19:24 -------- d-----w- C:\Users\Quill\AppData\Local\{D7320294-54F9-4502-8D37-E355653440D5}
2011-03-20 17:18:48 -------- d-----w- C:\Users\Quill\AppData\Local\{28ECC9DD-14B9-4CA3-BA98-100BD4F7AD74}
2011-03-20 05:18:08 -------- d-----w- C:\Users\Quill\AppData\Local\{F6952A56-B302-4635-993A-B2A2141ED1A8}
2011-03-19 17:17:00 -------- d-----w- C:\Users\Quill\AppData\Local\{292B128B-089A-4EE8-8822-9819DEC4424D}
2011-03-19 06:22:50 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
2011-03-19 05:53:22 -------- d-----w- C:\Program Files (x86)\Cakewalk
2011-03-19 05:15:31 -------- d-----w- C:\Users\Quill\AppData\Local\{B39FDA56-4DB0-48DA-B468-DA985E8FD9FB}
2011-03-18 15:19:03 -------- d-----w- C:\Users\Quill\AppData\Local\{B5CE337B-21AC-4766-ABFB-27D02AC4ED22}
2011-03-18 03:18:28 -------- d-----w- C:\Users\Quill\AppData\Local\{ECC58E70-BA2B-4341-B410-96A8DFE1489D}
2011-03-17 15:17:57 -------- d-----w- C:\Users\Quill\AppData\Local\{821DC78E-F85D-4852-91E5-4A42A8C4F71F}
2011-03-17 02:15:48 -------- d-----w- C:\Users\Quill\AppData\Local\{D09FCA68-3C84-4A49-BB7B-22A3418F37E1}
2011-03-16 13:40:10 -------- d-----w- C:\Users\Quill\AppData\Local\{AD62DCAF-4EB0-4D9C-A001-CD78FEBA1E53}
2011-03-16 02:53:00 -------- d-----w- C:\Users\Quill\AppData\Local\{57629307-ADE2-407B-8EEF-9CD8F0EE57B2}
2011-03-15 02:43:34 -------- d-----w- C:\Users\Quill\AppData\Local\{C7AE5227-9079-4BC8-962A-151D450CF348}
2011-03-13 21:36:34 -------- d-----w- C:\Users\Quill\AppData\Local\{78F497CD-BC29-4240-A3D0-5404C14AA0E1}
2011-03-13 05:03:31 -------- d-----w- C:\Users\Quill\AppData\Local\{D993CA76-F5BF-4468-A63E-57275EA7C7F9}
2011-03-12 18:36:38 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-03-12 17:02:55 -------- d-----w- C:\Users\Quill\AppData\Local\{60A1D180-6FBF-4CCB-8A4A-DE501492D55D}
2011-03-12 05:02:20 -------- d-----w- C:\Users\Quill\AppData\Local\{D4548DF4-E187-4D02-AD21-EAF4A5E331F7}
2011-03-11 17:01:41 -------- d-----w- C:\Users\Quill\AppData\Local\{4C65790D-ACD2-438A-B5F9-6411E2873C7C}

==================== Find3M ====================

2011-04-09 14:41:52 25640 ----a-w- C:\Windows\gdrv.sys
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-02-14 01:09:22 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll

============= FINISH: 21:52:24.49 ===============

Edited by QuillNib, 09 April 2011 - 09:30 PM.
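An added example, not part of the original post: the listing above shows a fresh {GUID} directory appearing under AppData\Local roughly twice a day. Before attributing those directories to anything, the first thing to establish is how regular the interval is. The PowerShell below does that for a DDS-style listing; the sample lines are copied from the log above, and the column layout (date, time, size, attributes, path) is assumed to be as shown.

```powershell
# Added example, not from the thread: measure the creation cadence of
# GUID-named directories under AppData\Local in a DDS-style file listing.
# $sample holds lines copied from the posted log; for a real run, use
# $lines = Get-Content .\dds.txt instead.
$sample = @'
2011-03-25 21:56:23 -------- d-----w- C:\Users\Quill\AppData\Local\{7DC74FD6-C799-400C-85CC-8B5939A09724}
2011-03-25 04:56:25 -------- d-----w- C:\Users\Quill\AppData\Local\{02E75E8A-4CA3-4744-97EE-10FE3DEDB1E1}
2011-03-24 16:54:32 -------- d-----w- C:\Users\Quill\AppData\Local\{EDD7D2C0-375B-4FE6-8D42-BBA553DCAA3F}
2011-03-24 02:54:27 -------- d-----w- C:\Users\Quill\AppData\Local\{8EC78C4A-451D-4A1C-AFFA-188A637C82F2}
2011-03-23 13:45:29 -------- d-----w- C:\Users\Quill\AppData\Local\{C3459D1D-30E4-4EF5-8232-9F3E0F0A22C3}
2011-03-23 00:52:58 -------- d-----w- C:\Users\Quill\AppData\Local\{F3D16AD6-7397-4AF6-A649-86EBF988CD3E}
2011-03-19 06:22:50 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
'@ -split "`n" | ForEach-Object { $_.TrimEnd() }

function Get-GuidDirCadence {
    param([string[]]$Lines)

    # DDS listing columns: date time size attributes path. Only directory
    # entries (attributes start with 'd') whose name is a {GUID} directly
    # under ...\AppData\Local are of interest here.
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+d\S+\s+(?<path>.*\\AppData\\Local\\\{[0-9A-F-]{36}\})$'
    $culture = [Globalization.CultureInfo]::InvariantCulture

    $times = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [datetime]::ParseExact($Matches.ts, 'yyyy-MM-dd HH:mm:ss', $culture)
        }
    }
    $times = @($times | Sort-Object)
    if ($times.Count -lt 2) { return $null }

    # Gaps between consecutive creations, in hours.
    $gaps = @(for ($i = 1; $i -lt $times.Count; $i++) {
        ($times[$i] - $times[$i - 1]).TotalHours
    })
    $sorted = @($gaps | Sort-Object)
    $median = $sorted[[int][math]::Floor(($sorted.Count - 1) / 2)]

    [pscustomobject]@{
        Count          = $times.Count
        First          = $times[0]
        Last           = $times[-1]
        MinGapHours    = [math]::Round($sorted[0], 1)
        MedianGapHours = [math]::Round($median, 1)
        MaxGapHours    = [math]::Round($sorted[-1], 1)
    }
}

Get-GuidDirCadence -Lines $sample
```

On the six lines above the directories are created between roughly 12 and 17 hours apart, including in the middle of the night. A cadence like that points to something scheduled (an updater, a scheduled task, a service) rather than to anything the user is doing at the keyboard. Correlate the creation times with Task Scheduler history and the autostart entries already in the log, and look inside one of the directories, before assuming the folders are malicious.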


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:27 PM

Posted 10 April 2011 - 03:04 AM

First of all, you need to get rid of some of your security programs. You should never have more than one antivirus program installed.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Please uninstall two of the following programs and keep only one: Avira, AdAware and MS Security Essentials.

After doing this, let me know if the problem still persists.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
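An added example, not part of Elise's reply: before uninstalling anything, it helps to see which products Windows Security Center itself believes have real-time scanning switched on. The PowerShell below queries the root/SecurityCenter2 WMI namespace (present on Windows Vista and later client editions). The decoding of productState is an assumption based on the commonly observed bit layout, not a documented contract, and a product that never registered with Security Center will not show up, so treat the output as a check, not as proof.

```powershell
# Added example, not from the thread: list antivirus products registered with
# Windows Security Center and flag how many report real-time protection ON.
# Requires PowerShell 3.0 or later for Get-CimInstance and [pscustomobject].

function ConvertFrom-AvProductState {
    # productState is an undocumented bit field. Assumed layout (commonly
    # observed): 0xTTSSDD, where SS = 10 or 11 means real-time protection is
    # on and DD = 10 means definitions are out of date.
    param([Parameter(Mandatory = $true)][int]$State)
    $hex = '{0:X6}' -f $State
    [pscustomobject]@{
        RealTimeOn       = (@('10', '11') -contains $hex.Substring(2, 2))
        DefinitionsStale = ($hex.Substring(4, 2) -eq '10')
    }
}

function Get-RegisteredAvProducts {
    # The namespace only exists on client SKUs; -ErrorAction Stop makes that
    # obvious instead of silently returning nothing.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName AntiVirusProduct -ErrorAction Stop
    foreach ($p in $products) {
        $decoded = ConvertFrom-AvProductState -State $p.productState
        [pscustomobject]@{
            Name             = $p.displayName
            RealTimeOn       = $decoded.RealTimeOn
            DefinitionsStale = $decoded.DefinitionsStale
            ProductState     = ('0x{0:X6}' -f $p.productState)
            Path             = $p.pathToSignedProductExe
        }
    }
}

$all    = @(Get-RegisteredAvProducts)
$active = @($all | Where-Object { $_.RealTimeOn })

$all | Format-Table -AutoSize

if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "$($active.Count) products report real-time scanning ON ($names). Keep one and uninstall the rest; disabling is not enough, the filter drivers stay loaded."
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No registered product reports real-time protection ON.'
}
```

If more than one row shows RealTimeOn as True, that is the situation Elise describes: two on-access scanners each intercepting the same file opens. Uninstall from Programs and Features (or the vendor's removal tool) rather than just turning real-time protection off, since a disabled product typically leaves its filter driver installed.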


#10 QuillNib

  • Topic Starter

Posted 14 April 2011 - 12:57 AM

I never knew that could be a problem. o.o

I always thought it was just false positives, unnecessary programs using up resources, or conflicts with installations or each other's quarantines or something, all of which I don't care about because I can recognize the false positives and my computer's powerful, so I'm OK running many at the same time.

This is almost funny if that's really all this is, lol. And yet, I see how it truly is a possibility. It could explain everything, shows it's no virus and thus why nothing's detected "it," and I've had the suspicion this tends to happen around when I'm downloading a lot of files or something. I'm not sure it explains my old 0KB issue, but that's not too common at least.


I never knew MAJOR slowdowns could happen because of them; from a bit more research I did, I gather it's because of the live monitoring? So you think my occasional massive, too-slow-to-work-with lockups could be from those programs accessing files at the same time?

#11 Elise

Posted 14 April 2011 - 05:25 AM

Yes, that is indeed quite possible. Please uninstall one and then monitor your computer's behavior for a day or so. Let me know if you see any difference.

regards, Elise



#12 QuillNib

  • Topic Starter

Posted 15 April 2011 - 04:33 PM

Well, if I do not post again soon, consider this problem dormant for a while. Please do not close it, because I WILL follow up whether or not this is resolved.

It would probably take me a couple of months of little to no problems before I am convinced that was the issue. I need both the length of time itself and more cross-computer file moving, transfers, and downloading to check my computer's behavior.

So thanks again, we'll see what happens.

#13 Elise

Posted 16 April 2011 - 05:12 AM

Okay, fingers crossed! :)

In case this topic gets closed, you can just PM me if it needs to be reopened.

regards, Elise



#14 Elise

Posted 21 April 2011 - 01:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise



#15 Elise

Posted 06 June 2011 - 01:43 AM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise





