
avast captured ivv.exe


  • This topic is locked
20 replies to this topic

#1 BSAC

BSAC

  • Members
  • 142 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston, Texas, USA
  • Local time:01:57 PM

Posted 01 May 2011 - 09:24 PM

Strange things are afoot. A couple of weeks ago, I went through the tutorial for removing XP Anti-spyware 2011. Today, when Avast put "ivv.exe" in the virus chest, I thought something might be wrong still/again.

I am running XP Professional SP3 on an HP nc6400. I have Spybot installed with TeaTimer active and Resident Shield running. It found a couple of occurrences of Windows update problems, but was unable to solve them. Spyware Blaster is also running; however, every time I open the program and look at the status, about half of the system is unprotected even though I enable all protection each time I run it.

Browser (Firefox 4.0.1) runs strangely from time to time as if someone is scanning pages before I see them.

Perhaps the most annoying issue I have now is the Windows update. It is selected for automatic updates through the control panel. The Windows Security Alert icon in the system tray indicates I am not selected for automatic updates and, no matter what I do, I cannot get automatic updates to run.

DDS file to follow. Attach is attached. Also attached GMER log and HJT log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin M Sullivan at 19:33:55.98 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.424 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kevin M Sullivan\Application Data\Gyration\MotionTools\MotionTools.exe
C:\Program Files\Pandora\Pandora.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kevin M Sullivan\Application Data\U3\3513031B77C036EB\LaunchPad.exe
C:\Documents and Settings\Kevin M Sullivan\Desktop\Fix2\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6ced286f-7907-59d5-ef9a-e1fec8525718} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MotionTools] c:\documents and settings\kevin m sullivan\application data\gyration\motiontools\MotionTools.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNTQzNDAxOTUzLVhMKzEtVDEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTE"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\docume~1\kevinm~1\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {90110409-6000-11D3-8CFE-0150048383C9} - msiexec.exe /fs {90110409-6000-11D3-8CFE-0150048383C9} /QB!
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kevinm~1\applic~1\mozilla\firefox\profiles\fgilkliz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\kevin m sullivan\application data\mozilla\firefox\profiles\fgilkliz.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-17 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-18 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-18 42184]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-20 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 2146496]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-04-19 06:01:46 -------- d-----w- c:\program files\Handbrake
2011-04-19 05:54:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-19 05:45:00 -------- d-----w- c:\docume~1\kevinm~1\applic~1\PPT2DVD
2011-04-19 05:45:00 -------- d-----w- c:\docume~1\kevinm~1\applic~1\Moyea
2011-04-19 05:44:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Leawo
2011-04-19 05:44:02 606208 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-19 05:44:02 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2011-04-19 03:20:04 -------- d-----w- c:\docume~1\kevinm~1\applic~1\Malwarebytes
2011-04-19 03:19:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 03:19:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-19 03:19:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 03:19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 05:09:05 60 ----a-w- c:\windows\wpd99.drv
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 19:38:46.09 ===============


Thanks in advance,
BSAC

Be Strong And Courageous

XP Antivirus 2011 is back. I have not removed according to the tutorial in Bleeping Computer. Instead, I stopped the processes running with a three letter designation + .exe

Time to wipe the drive and start over?

Merged posts. ~ OB

Edited by Orange Blossom, 08 May 2011 - 03:01 PM.

Be Strong And Courageous!

Kevin


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 09 May 2011 - 02:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 BSAC

BSAC
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston, Texas, USA
  • Local time:01:57 PM

Posted 09 May 2011 - 03:34 PM

I am on a business trip and away from my computer. I will be back in two weeks. I will post upon my return.

The problem still exists and I definitely still need help.
Be Strong And Courageous!

Kevin

#4 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 09 May 2011 - 03:38 PM

OK, I will keep this open until then.

DR

#5 BSAC

BSAC
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston, Texas, USA
  • Local time:01:57 PM

Posted 25 May 2011 - 12:15 AM

DR,
I am back. The scan is running. It will probably be tomorrow evening before I post logs. Thanks for keeping the topic open.

Regards,
bsac
Be Strong And Courageous!

Kevin

#6 BSAC

BSAC
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston, Texas, USA
  • Local time:01:57 PM

Posted 25 May 2011 - 08:35 PM

DR, machine runs slowly, especially the browser (Firefox 4.0.1). Hard drive seems active when it shouldn't be. Spybot S&D and Spyware Blaster unload protection without action by me. Avast captured ivv.exe a couple of weeks back. I had to go into the task manager and shut down three letter executable files (I see one now jqs.exe).

Attached files in separate post.

Regards,
bsac


DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin M Sullivan at 23:53:41.56 on Tue 05/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.486 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kevin M Sullivan\Application Data\Gyration\MotionTools\MotionTools.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pandora\Pandora.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Kevin M Sullivan\Desktop\Fix2\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6ced286f-7907-59d5-ef9a-e1fec8525718} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MotionTools] c:\documents and settings\kevin m sullivan\application data\gyration\motiontools\MotionTools.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNTQzNDAxOTUzLVhMKzEtVDEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTE"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\docume~1\kevinm~1\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {90110409-6000-11D3-8CFE-0150048383C9} - msiexec.exe /fs {90110409-6000-11D3-8CFE-0150048383C9} /QB!
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kevinm~1\applic~1\mozilla\firefox\profiles\fgilkliz.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\kevin m sullivan\application data\mozilla\firefox\profiles\fgilkliz.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-17 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-18 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-18 42184]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-20 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
.
=============== Created Last 30 ================
.
2011-05-22 02:15:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2011-05-22 02:09:20 -------- d-----w- c:\docume~1\kevinm~1\locals~1\applic~1\HP
2011-05-22 01:57:09 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-05-22 01:57:09 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-22 01:55:24 -------- d-----w- c:\program files\Microsoft
2011-05-22 01:55:23 -------- d-----w- c:\program files\MSN Toolbar
2011-05-22 01:54:41 -------- d-----w- c:\program files\MSN Toolbar Installer
2011-05-22 01:54:37 -------- d-----w- c:\windows\Cache
2011-05-22 01:54:36 -------- d-----w- c:\program files\Coupons
2011-05-22 01:54:25 -------- d-----w- c:\program files\HP Photo Creations
2011-05-22 01:54:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations
2011-05-22 01:51:00 -------- d-----w- c:\program files\common files\HP
2011-05-22 01:50:55 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-05-22 01:48:50 -------- d-----w- c:\program files\HP
2011-05-22 01:47:36 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-05-22 01:47:26 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-05-22 01:46:54 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp101.dll
2011-05-22 01:46:54 125952 ----a-w- c:\windows\system32\hpf3l101.dll
2011-05-22 01:46:53 452736 ----a-r- c:\windows\system32\hpzids01.dll
2011-05-22 01:46:43 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-05-22 01:45:19 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-05-22 01:45:19 319616 ----a-r- c:\windows\system32\hposc_p04a.dll
2011-05-22 01:45:19 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-05-22 01:45:18 970880 ----a-r- c:\windows\system32\hpost_p04d.dll
2011-05-22 01:45:17 892032 ----a-r- c:\windows\system32\hposwia_p04d.dll
2011-05-20 21:35:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 21:28:20 -------- d-----w- c:\program files\iPod
2011-05-20 21:25:49 -------- d-----w- c:\program files\Bonjour
2011-05-08 02:31:42 236573 --sha-w- c:\docume~1\kevinm~1\locals~1\applic~1\fvc.exe
.
==================== Find3M ====================
.
2011-05-05 02:26:20 59 ----a-w- c:\windows\wpd99.drv
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:56:25.85 ===============

Edited by BSAC, 25 May 2011 - 08:39 PM.

Be Strong And Courageous!

Kevin

#7 BSAC


Posted 25 May 2011 - 08:40 PM

DR,
Didn't notice I had to delete old attachments. Please see the new attachments, as requested.


#8 Jack&Jill

Jack&Jill

  • Malware Response Team
  • 385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South East Asia
  • Local time:01:57 AM

Posted 27 May 2011 - 10:18 AM

Hello BSAC :),

Welcome to Bleeping Computer. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Board Rules and Terms of Use.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 5 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

I am checking over your logs now and will be back soon. In the meanwhile, please uninstall Spybot - Search & Destroy because its real time protection may hinder the malware removal process.

--------------------

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

--------------------

Could you get me the log from Avast as well? I used to have version 4 and the file is located at C:\Program Files\Alwil Software\Avast4\DATA\report as Resident protection.txt. For your case, I think the path has changed. If you are not sure or could not find it, please proceed with the steps below. Otherwise just post the log and let me know the path.

Look into folder
  • Go to Start > Run.... Copy and paste the following text into the white box:
    cmd /c dir "c:\program files\avast software\avast" /A /S > "%userprofile%\desktop\look.txt"
  • Click OK. A command prompt window will open for a while and close.
  • A file called look.txt should appear on your desktop. Please post the contents of this file.
--------------------

Please post back:
1. the previous MBAM result
2. Avast's log and the path or contents of look.txt

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#9 BSAC


Posted 27 May 2011 - 09:37 PM

Jack and Jill, thank you for your help.

MBAM log is more than a month old. I had a problem with XP Virus something or another a while back. It may be from that time. In any case, here it is:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2011 12:01:48 AM
mbam-log-2011-04-19 (00-01-48).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 245338
Time elapsed: 1 hour(s), 12 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\kevin m sullivan\local settings\Temp\0.09854629117276681.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\kevin m sullivan\local settings\Temp\0.4467028241930223.exe (Trojan.Dropper) -> Quarantined and deleted successfully.



I had to run the CMD for the AVAST log:



Finally, I have uninstalled Spybot S&D.

Regards,
Kevin

#10 Jack&Jill


Posted 28 May 2011 - 11:09 AM

Hello BSAC :),

Regarding Avast, the log that you posted is the result of a search that I used to look for the location of the real time protection report. What I need is not in those locations, so I will have to look further. Please delete look.txt and proceed below to produce a new one.

Find bad file
  • Go to Start > Run.... Copy and paste the following text into the white box:
    cmd /c dir C:\*.* /L /A /B /S|Find "avast" >> "%userprofile%\desktop\look.txt"
  • Click OK. A command prompt window will open for a while and close.
  • A file called look.txt should appear on your desktop. Please post the file as attachment.
On the Add Reply page, you will see the Attachments section below the text box that you use for replying. Click on Click To Attach Files, browse to find the file you want to attach and double click on it. It will be uploaded. Please do not post any other logs as attachment unless I request.

--------------------

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

> Avast captured ivv.exe a couple of weeks back. I had to go into the task manager and shut down three letter executable files (I see one now jqs.exe).

This shows Avast is doing its work. The file jqs.exe, if located in the Java folder, is a legitimate file.

> Browser (Firefox 4.0.1) runs strangely from time to time as if someone is scanning pages before I see them.

Could be SpywareBlaster at work. Please uninstall SpywareBlaster to verify this. You can always install it back later.

> Perhaps the most annoying issue I have now is the Windows update. It is selected for automatic updates through the control panel. The Windows Security Alert icon in the system tray indicates I am not selected for automatic updates and, no matter what I do, I cannot get automatic updates to run.

To fix Windows Update, please visit the following Microsoft support page and click on the Fix It button.

How do I reset Windows Update components?

Let me know how it goes.

Do you know what the TeamViewer 5 program is and are you using it? If not, I suggest you uninstall it.

--------------------

Please post back:
1. new look.txt as attachment
2. new MBAM report
3. result from my suggestions on the Firefox issue and Windows Update problem
4. the answer to my query on TeamViewer 5



#11 BSAC


Posted 29 May 2011 - 09:01 PM

Jack&Jill,

Things are looking better. I have uninstalled DIVX suite, SpywareBlaster (kind of hard to tell if it helped, but will continue to evaluate), I ran the Microsoft fix for the Windows Automatic Update (it updated), and ran MBAM. TeamViewer 5 is a program I use to work on my mother's computer in another state (plus I can use it from my iPhone or iPad 2).

Look.txt attached. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/29/2011 8:43:44 PM
mbam-log-2011-05-29 (20-43-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 246916
Time elapsed: 1 hour(s), 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\kevin m sullivan\local settings\application data\fvc.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.


Regards,
Kevin

Attached Files

  • Attached File  look.txt   26.59KB   2 downloads

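Added example (not part of the original posts, and not a tool used in this thread): the two MBAM logs and the DDS "Created Last 30" section posted above can be cross-checked mechanically. The Python below reports registry items that were removed in the April scan but detected again in May, and matches the executable carrying `s` and `h` attribute flags in the DDS listing to the later MBAM file detection; reading those flags as system and hidden, and all function names, are assumptions.

```python
import ntpath
import re

# Constructed sample input: lines copied from the DDS and MBAM logs in this thread.
DDS_CREATED = r"""
2011-05-22 01:57:09 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-05-22 01:54:36 -------- d-----w- c:\program files\Coupons
2011-05-20 21:35:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-08 02:31:42 236573 --sha-w- c:\docume~1\kevinm~1\locals~1\applic~1\fvc.exe
"""
MBAM_APRIL = r"""
Registry Data Items Infected: 4
Files Infected: 2
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\kevin m sullivan\local settings\Temp\0.09854629117276681.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\kevin m sullivan\local settings\Temp\0.4467028241930223.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""
MBAM_MAY = r"""
Registry Data Items Infected: 3
Files Infected: 1
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\kevin m sullivan\local settings\application data\fvc.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+)$")
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$")
EXECUTABLE = (".exe", ".dll", ".scr", ".sys")


def parse_mbam(text):
    """Return (section, item, detection name) for every detection line."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:
            # "Files Infected:" opens a section; the summary line
            # "Files Infected: 2" ends in a count and does not match.
            section = head.group(1)
            continue
        hit = DETECTION.match(line)
        if hit and section:
            found.append((section, hit.group("item"), hit.group("name")))
    return found


def recurring(older, newer):
    """Items removed in the older scan that the newer scan detected again."""
    before = {item.lower() for _, item, _ in parse_mbam(older)}
    return sorted({item for _, item, _ in parse_mbam(newer)
                   if item.lower() in before})


def hidden_system_executables(dds_text):
    """Files in the DDS listing with both the s and h flags (assumed to mean
    system + hidden) and an executable extension; directories are skipped."""
    flagged = []
    for line in dds_text.splitlines():
        row = DDS_LINE.match(line.strip())
        if not row or row.group("attrs").startswith("d"):
            continue
        attrs, path = row.group("attrs"), row.group("path")
        if "s" in attrs and "h" in attrs and path.lower().endswith(EXECUTABLE):
            flagged.append(path)
    return flagged


def correlate(dds_text, mbam_text):
    """Map flagged DDS paths to MBAM file detections by file name only:
    DDS prints 8.3 short paths (docume~1) and MBAM prints long ones, so the
    full paths never compare equal."""
    names = {ntpath.basename(p).lower(): p
             for p in hidden_system_executables(dds_text)}
    return {names[ntpath.basename(item).lower()]: det
            for section, item, det in parse_mbam(mbam_text)
            if section == "Files" and ntpath.basename(item).lower() in names}


if __name__ == "__main__":
    for item in recurring(MBAM_APRIL, MBAM_MAY):
        print("detected again after removal:", item)
    for path, det in correlate(DDS_CREATED, MBAM_MAY).items():
        print("DDS-flagged file later detected:", path, "->", det)
```

A file-name match is only a lead for review, since unrelated files can share a name; confirm against the full path in the scanner log before acting on it.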

#12 Jack&Jill


Posted 30 May 2011 - 08:53 AM

Hello BSAC :),

Glad to hear things are getting better.

Could you please attach these two files:
c:\documents and settings\all users\application data\avast software\avast\report\behaviorshield.txt
c:\documents and settings\all users\application data\avast software\avast\report\filesystemshield.txt

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on Run ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
  • Then, check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the two files from Avast as attachment
2. ESET online scan result

Edited by Jack&Jill, 30 May 2011 - 08:55 AM.



#13 BSAC


Posted 30 May 2011 - 08:42 PM

Jack&Jill,
Here is the log from the scan from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=4af1ece5b0a69547bea99e1a123b4ebb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-31 01:18:52
# local_time=2011-05-30 08:18:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 55691810 55691810 0 0
# compatibility_mode=1024 16777215 100 0 8051242 8051242 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=102055
# found=0
# cleaned=0
# scan_time=6074


Regards,
Kevin

Be Strong And Courageous!

Kevin
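One way to confirm that a posted ESET log matches the scan settings requested earlier in the thread and that the scan ran to completion, as an added example that is not part of the original posts. The function names are chosen here, and the mapping of log keys to the dialog options is an assumption inferred from the key names.

```python
import re

# What the helper's ESET steps should leave in log.txt (key names as in the
# posted log; which dialog option each key records is an assumption).
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth technology
}

# Subset of the log lines posted in the reply above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 55691810 55691810 0 0
# compatibility_mode=1024 16777215 100 0 8051242 8051242 0 0
# scanned=102055
# found=0
# cleaned=0
# scan_time=6074
"""

def parse_eset_log(text):
    """Collect '# key=value' lines; keys such as compatibility_mode repeat."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([\w.]+)=(.*)$", line.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def review_scan(text):
    """Return (problems, counts) for one ESET Online Scanner log."""
    fields = parse_eset_log(text)
    last = lambda key: fields.get(key, ["<missing>"])[-1]
    problems = []
    if last("end") != "finished":
        problems.append("scan did not finish: end=" + last("end"))
    for key, want in EXPECTED.items():
        if last(key) != want:
            problems.append(f"{key}={last(key)}, expected {want}")
    counts = {}
    for key in ("scanned", "found", "cleaned"):
        if last(key).isdigit():
            counts[key] = int(last(key))
        else:
            problems.append(f"{key} missing or not a number")
    return problems, counts

if __name__ == "__main__":
    print(review_scan(SAMPLE_LOG))
```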

#14 Jack&Jill

Posted 31 May 2011 - 11:06 AM

Hello BSAC :),

You missed this:
c:\documents and settings\all users\application data\avast software\avast\report\filesystemshield.txt

Please attach it in your next reply.

--------------------

C: is FIXED (NTFS) - 75 GiB total, 1.961 GiB free.

You are running very low on disk space. This could also explain why the computer is slow.

Please download ATF (Atribune Temp File) Cleaner by Atribune from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Run ATF Cleaner
  • Exit all browsers.
  • Double-click ATF Cleaner.exe to open it.
  • Click Run if prompted.
  • At the bottom of the list, check (tick) Select All.
  • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
  • Then click the Empty Selected button.
  • Firefox:
    • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
    • Click the Empty Selected button.
    • Note: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Here are some tips on maintaining your computer in tip top condition.

--------------------

You should always keep your Java updated to the latest version too.
  • To set automatic updates of Java, go to Start > Control Panel.
  • Double click on the Java icon to open the Java Control Panel.
  • Click on the Update tab.
  • Make sure the option Check for Updates Automatically is ticked.
  • You can also update Java manually via the Update Now button, then continue accordingly.
  • Click on OK when you are done.
--------------------

Please uninstall the beta version of Firefox 4:
Mozilla Firefox 4.0b12 (x86 en-US)

You should also uninstall or remove this due to its status being debatable:
Search Toolbar

--------------------

There are still some remnants of AVG observable on your computer.

To completely remove AVG products after you uninstalled them, please download the AVG Remover. Click here. Choose the appropriate remover to be used from the list.

--------------------

Result from ESET is good. Besides those I have listed above, I would say the results so far are positive. Please rerun DDS and post back DDS.txt.

--------------------

Please post back:
1. filesystemshield.txt from Avast as attachment
2. DDS.txt
3. any more problems?

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#15 BSAC

Posted 31 May 2011 - 09:23 PM

Jack&Jill,

Things are going well here. I haven't noticed any more problems, but I haven't been supertasking since this started.

I know about the disk space. I am in need of a larger hard drive. This new, 64GB iPad 2 and I are having trouble with the computer. I have managed to free up another 2.5GB.

I don't know which Firefox I was running, but I managed to skip a setting and wiped all my passwords and cookies. No worries. That simply means I get the opportunity to change everything (a security update).

Java was set to automatically update, but it hadn't. It is now updated.

I couldn't find "Search Toolbar." Instead, I found MSN toolbar and eradicated that.

Here is DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin M Sullivan at 20:49:40.71 on Tue 05/31/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.522 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Kevin M Sullivan\Application Data\Gyration\MotionTools\MotionTools.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pandora\Pandora.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kevin M Sullivan\Desktop\Fix2\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {6ced286f-7907-59d5-ef9a-e1fec8525718} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MotionTools] c:\documents and settings\kevin m sullivan\application data\gyration\motiontools\MotionTools.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNTQzNDAxOTUzLVhMKzEtVDEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTE"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\docume~1\kevinm~1\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {90110409-6000-11D3-8CFE-0150048383C9} - msiexec.exe /fs {90110409-6000-11D3-8CFE-0150048383C9} /QB!
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kevinm~1\applic~1\mozilla\firefox\profiles\bn0cjfhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kevin m sullivan\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-17 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-18 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-18 42184]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-20 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-18 38224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-05-30 23:28:43 -------- d-----w- c:\program files\ESET
2011-05-30 05:56:52 -------- d-----w- c:\program files\MSXML 4.0
2011-05-22 02:15:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2011-05-22 02:09:20 -------- d-----w- c:\docume~1\kevinm~1\locals~1\applic~1\HP
2011-05-22 01:57:09 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-05-22 01:57:09 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-22 01:55:24 -------- d-----w- c:\program files\Microsoft
2011-05-22 01:54:37 -------- d-----w- c:\windows\Cache
2011-05-22 01:54:36 -------- d-----w- c:\program files\Coupons
2011-05-22 01:54:25 -------- d-----w- c:\program files\HP Photo Creations
2011-05-22 01:54:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations
2011-05-22 01:51:00 -------- d-----w- c:\program files\common files\HP
2011-05-22 01:50:55 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-05-22 01:48:50 -------- d-----w- c:\program files\HP
2011-05-22 01:47:36 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-05-22 01:47:26 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-05-22 01:46:54 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp101.dll
2011-05-22 01:46:54 125952 ----a-w- c:\windows\system32\hpf3l101.dll
2011-05-22 01:46:53 452736 ----a-r- c:\windows\system32\hpzids01.dll
2011-05-22 01:46:43 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-05-22 01:45:19 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-05-22 01:45:19 319616 ----a-r- c:\windows\system32\hposc_p04a.dll
2011-05-22 01:45:19 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-05-22 01:45:18 970880 ----a-r- c:\windows\system32\hpost_p04d.dll
2011-05-22 01:45:17 892032 ----a-r- c:\windows\system32\hposwia_p04d.dll
2011-05-20 21:35:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 21:28:20 -------- d-----w- c:\program files\iPod
2011-05-20 21:25:49 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 02:26:20 59 ----a-w- c:\windows\wpd99.drv
2011-04-14 10:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 07:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:10:13.39 ===============


Regards,
Kevin

Be Strong And Courageous!

Kevin
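One way to check a fresh DDS log for entries tied to the items the helper asked to have removed (Search Toolbar, AVG remnants), along with registrations that point at no file, as an added example that is not part of the original posts. The watch terms, function names and reason strings are chosen here for illustration.

```python
import re

# Entries copied from the "Pseudo HJT Report" and FIREFOX sections of the DDS
# log above; the query string of the AvgUninstallURL entry is left out.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: {6ced286f-7907-59d5-ef9a-e1fec8525718} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

def hjt_entries(dds_text):
    """Yield (kind, line) for each entry in the Pseudo HJT Report section only."""
    in_section = False
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            in_section = m.group(1) == "Pseudo HJT Report"
            continue
        if in_section and line and line != ".":
            kind = re.split(r"[:=]", line, maxsplit=1)[0].strip()
            yield kind, line

def review(dds_text, watch_terms):
    """Return [(kind, reasons, line)] for entries worth a second look."""
    findings = []
    for kind, line in hjt_entries(dds_text):
        reasons = []
        if line.endswith("- No File"):
            reasons.append("registered but file missing")
        if re.search(r"^\w*Run\w*: \[[^\]]*\]$", line):
            reasons.append("startup entry with no command")
        for term in watch_terms:
            if re.search(r"\b" + re.escape(term), line, re.IGNORECASE):
                reasons.append(f"matches '{term}'")
        if reasons:
            findings.append((kind, reasons, line))
    return findings

if __name__ == "__main__":
    for kind, reasons, line in review(SAMPLE_DDS, ["search toolbar", "avg"]):
        print(kind, reasons, line, sep=" | ")
```

Run against the lines copied from the log above, it lists the entries whose paths sit under `c:\program files\search toolbar\`, the `AvgUninstallURL` RunOnce entry, the BHO marked `No File`, and the nameless `mRun` entry.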



