
Author Topic: PC is running sooooo s l o w l y... with various other issues  (Read 8220 times)


nhchap

    Topic Starter


    Rookie

    PC is running sooooo s l o w l y... with various other issues
    « on: November 12, 2011, 05:02:11 PM »
    Hello,

    My husband's Dell Dimension E510 PC is having problems opening programs (it can take literally minutes to open installed programs), and you must right-click the program name and select 'open' in the dropdown or it can't find the program at all.  Also, he removed the Avira Free Antivirus toolbar and since then we are continually seeing a little popup window stating that "avguard.exe has encountered a problem and needs to close", then the statement asking us to report the problem to Microsoft.  It doesn't matter if we report it to Microsoft or choose not to, the popup window continues almost endlessly.  If we walk away from the computer for a few minutes, dozens of the popup windows will build up on the screen.  My husband is the main user of the machine but I also use it from time to time.

    I was here a few years ago with some problems and you guys are the greatest! I remembered that I was to follow instructions and attach some logs so I have completed those steps and you will see the logs below.  When I tried to verify my Java version, it said that there was no Java installed on my computer so I followed the Java website instructions to download and install Java.

    Can you please help?

    Thank you for reading my post,
    nhchap



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/12/2011 at 02:34 AM

    Application Version : 4.56.1000

    Core Rules Database Version : 6164
    Trace Rules Database Version: 3976

    Scan type       : Complete Scan
    Total Scan Time : 02:43:07

    Memory items scanned      : 602
    Memory threats detected   : 0
    Registry items scanned    : 6691
    Registry threats detected : 0
    File items scanned        : 97113
    File threats detected     : 37

    Adware.Tracking Cookie
       C:\Documents and Settings\Owner\Cookies\5DLTX3JV.txt

    Adware.MyWebSearch/FunWebProducts
       C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
       C:\Program Files\MyWebSearch\bar\1.bin\chrome
       C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
       C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
       C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
       C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
       C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF
       C:\Program Files\MyWebSearch\bar\1.bin
       C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Avatar
       C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
       C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
       C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
       C:\Program Files\MyWebSearch\bar\Game
       C:\Program Files\MyWebSearch\bar\IE9Mesg\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\IE9Mesg
       C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Message
       C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
       C:\Program Files\MyWebSearch\bar\Notifier
       C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Overlay
       C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
       C:\Program Files\MyWebSearch\bar\Settings
       C:\Program Files\MyWebSearch\bar
       C:\Program Files\MyWebSearch


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8148

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/12/2011 2:53:12 PM
    mbam-log-2011-11-12 (14-53-12).txt

    Scan type: Quick scan
    Objects scanned: 163776
    Time elapsed: 7 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 15:21:43 on 2011-11-12
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.517 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Emsisoft\Online Armor\OAcat.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Emsisoft\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Common Files\AOL\1279610749\ee\AOLSoftware.exe
    C:\Program Files\Emsisoft\Online Armor\oaui.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\HP Wireless Keyboard\KMaestro.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Verizon\VSP\ServicepointService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AOL Fast Start] "c:\progra~1\aol9~1.5\AOL.EXE" -b
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [HostManager] c:\program files\common files\aol\1279610749\ee\AOLSoftware.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [IDTSysTrayApp] sttray.exe
    mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1287802834750
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277922482697
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{5BF5000C-9C72-409E-974F-303BD1EEE834} : DhcpNameServer = 192.168.1.1 68.238.64.12
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-11 236104]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-11 22600]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-11-11 28232]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-27 86224]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-27 74640]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-15 54760]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-11-11 1283400]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-11-9 838200]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-11-9 319032]
    R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-10-3 689392]
    R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-11-11 3364680]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-27 110032]
    S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\temp\avsetup_4ebda3fa\avupgsvc.exe" /tempstart:""c:\windows\temp\avsetup_4ebda3fa\setup.exe" /notempcleanup /crossupgrade" --> c:\windows\temp\avsetup_4ebda3fa\avupgsvc.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\owner\desktop\new folder\sysprot\sysprotdrv.sys --> c:\documents and settings\owner\desktop\new folder\sysprot\SysProtDrv.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-12 23:16:15   73728   ----a-w-   c:\windows\system32\javacpl.cpl
    2011-11-12 22:17:05   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-12 22:17:05   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2011-11-12 06:57:51   --------   d-----w-   c:\program files\CCleaner
    2011-11-05 13:47:43   --------   d-----w-   c:\windows\system32\wbem\repository\FS
    2011-11-05 13:47:43   --------   d-----w-   c:\windows\system32\wbem\Repository
    2011-11-02 04:47:38   --------   d-----w-   c:\program files\common files\xing shared
    2011-11-02 00:52:55   --------   d-----w-   c:\program files\QuickTime(2)
    2011-10-30 18:10:33   --------   d-sh--w-   C:\found.000
    2011-10-27 13:21:27   --------   d-----w-   c:\documents and settings\owner\application data\Avira
    2011-10-27 13:13:58   74640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
    2011-10-27 13:13:58   36000   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
    2011-10-27 13:13:51   --------   d-----w-   c:\program files\Avira
    2011-10-27 12:00:59   --------   d-----w-   c:\documents and settings\owner\application data\AskToolbar
    2011-10-27 04:32:38   --------   d-----w-   c:\documents and settings\owner\local settings\application data\AskToolbar
    2011-10-27 04:25:52   --------   d-----w-   c:\program files\Ask.com
    2011-10-27 04:25:52   --------   d-----w-   C:\Firefox
    2011-10-27 04:25:26   --------   d-----w-   c:\documents and settings\all users\application data\Avira
    2011-10-24 21:29:02   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02   69632   ----a-w-   c:\windows\system32\QuickTime.qts
    .
    ==================== Find3M  ====================
    .
    2011-11-12 23:14:51   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2011-10-14 21:21:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
    2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
    2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
    2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
    2010-07-17 05:57:36   61733800   ----a-w-   c:\program files\OM220Setup.exe
    .
    ============= FINISH: 15:26:45.07 ===============


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 15:21:43 on 2011-11-12
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.517 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Emsisoft\Online Armor\OAcat.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Emsisoft\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Common Files\AOL\1279610749\ee\AOLSoftware.exe
    C:\Program Files\Emsisoft\Online Armor\oaui.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\HP Wireless Keyboard\KMaestro.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Verizon\VSP\ServicepointService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

    files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents

    and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

    shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google

    toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

    files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

    files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AOL Fast Start] "c:\progra~1\aol9~1.5\AOL.EXE" -b
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [HostManager] c:\program files\common files\aol\1279610749\ee\AOLSoftware.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [IDTSysTrayApp] sttray.exe
    mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1287802834750
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277922482697
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{5BF5000C-9C72-409E-974F-303BD1EEE834} : DhcpNameServer = 192.168.1.1 68.238.64.12
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-11 236104]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-11 22600]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-11-11 28232]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-27 86224]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-27 74640]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-15 54760]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-11-11 1283400]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-11-9 838200]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-11-9 319032]
    R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-10-3 689392]
    R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-11-11 3364680]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-27 110032]
    S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\temp\avsetup_4ebda3fa\avupgsvc.exe" /tempstart:""c:\windows\temp\avsetup_4ebda3fa\setup.exe" /notempcleanup /crossupgrade" --> c:\windows\temp\avsetup_4ebda3fa\avupgsvc.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\owner\desktop\new folder\sysprot\sysprotdrv.sys --> c:\documents and settings\owner\desktop\new folder\sysprot\SysProtDrv.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-12 23:16:15   73728   ----a-w-   c:\windows\system32\javacpl.cpl
    2011-11-12 22:17:05   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-12 22:17:05   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2011-11-12 06:57:51   --------   d-----w-   c:\program files\CCleaner
    2011-11-05 13:47:43   --------   d-----w-   c:\windows\system32\wbem\repository\FS
    2011-11-05 13:47:43   --------   d-----w-   c:\windows\system32\wbem\Repository
    2011-11-02 04:47:38   --------   d-----w-   c:\program files\common files\xing shared
    2011-11-02 00:52:55   --------   d-----w-   c:\program files\QuickTime(2)
    2011-10-30 18:10:33   --------   d-sh--w-   C:\found.000
    2011-10-27 13:21:27   --------   d-----w-   c:\documents and settings\owner\application data\Avira
    2011-10-27 13:13:58   74640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
    2011-10-27 13:13:58   36000   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
    2011-10-27 13:13:51   --------   d-----w-   c:\program files\Avira
    2011-10-27 12:00:59   --------   d-----w-   c:\documents and settings\owner\application data\AskToolbar
    2011-10-27 04:32:38   --------   d-----w-   c:\documents and settings\owner\local settings\application data\AskToolbar
    2011-10-27 04:25:52   --------   d-----w-   c:\program files\Ask.com
    2011-10-27 04:25:52   --------   d-----w-   C:\Firefox
    2011-10-27 04:25:26   --------   d-----w-   c:\documents and settings\all users\application data\Avira
    2011-10-24 21:29:02   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02   69632   ----a-w-   c:\windows\system32\QuickTime.qts
    .
    ==================== Find3M  ====================
    .
    2011-11-12 23:14:51   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2011-10-14 21:21:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
    2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
    2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
    2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
    2010-07-17 05:57:36   61733800   ----a-w-   c:\program files\OM220Setup.exe
    .
    ============= FINISH: 15:26:45.07 ===============
    « Last Edit: November 13, 2011, 04:10:51 PM by SuperDave »

    nhchap

      Topic Starter


      Rookie

      Re: PC is running sooooo s l o w l y... with various other issues
      « Reply #1 on: November 12, 2011, 05:10:49 PM »
      ADDITION TO FIRST POST: :-[

      I believe I mistakenly posted a log twice in my first posting when I should have posted this as the second DDS log.

      My apologies,
      nhchap

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 6/30/2010 10:49:59 AM
      System Uptime: 11/12/2011 2:55:49 PM (1 hours ago)
      .
      Motherboard: Dell Inc.           |  | 0KF623
      Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 149 GiB total, 113.495 GiB free.
      D: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
      Description: IDT High Definition Audio CODEC
      Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
      Manufacturer: IDT
      Name: IDT High Definition Audio CODEC
      PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
      Service: STHDA
      .
      Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
      Description: Creative Audigy Audio Processor (WDM)
      Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_20061102&REV_04\4&5855BE9&0&10F0
      Manufacturer: Creative Technology, Ltd.
      Name: Creative SB Audigy 2 ZS (WDM)
      PNP Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_20061102&REV_04\4&5855BE9&0&10F0
      Service: ctaud2k
      .
      ==== System Restore Points ===================
      .
      RP343: 11/3/2011 9:17:33 AM - Software Distribution Service 3.0
      RP344: 11/5/2011 6:45:45 AM - Restore Operation
      RP345: 11/6/2011 2:00:29 AM - Software Distribution Service 3.0
      RP346: 11/7/2011 2:31:13 AM - System Checkpoint
      RP347: 11/9/2011 11:56:20 AM - System Checkpoint
      RP348: 11/10/2011 3:00:45 AM - Software Distribution Service 3.0
      RP349: 11/12/2011 2:46:10 AM - Software Distribution Service 3.0
      RP350: 11/12/2011 3:02:45 AM - System Checkpoint
      RP351: 11/12/2011 3:14:04 PM - Installed Java(TM) 6 Update 29
      .
      ==== Installed Programs ======================
      .
      Adobe AIR
      Adobe Download Manager
      Adobe Flash Player 10 ActiveX
      Adobe Reader X (10.1.1)
      AOL Toolbar
      AOL Uninstaller (Choose which Products to Remove)
      Apple Application Support
      Apple Software Update
      ArcSoft Panorama Maker 5
      Ashampoo Burning Studio 6 FREE
      ATI Display Driver
      Avira AntiVir Personal - Free Antivirus
      AVS DVD Player version 2.4
      AVS4YOU Software Navigator 1.2
      Bing Bar
      Bing Rewards Client Installer
      CCleaner
      Compatibility Pack for the 2007 Office system
      Conexant D850 56K V.9x DFVc Modem
      Download Updater (AOL LLC)
      ESPNMotion
      File Uploader
      GemMaster Mystic
      Google Toolbar for Internet Explorer
      Google Update Helper
      HiJackThis
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB2570791)
      Hotfix for Windows XP (KB915800-v4)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB954708)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB981793)
      HP Officejet 6500 E710n-z Basic Device Software
      HP Officejet 6500 E710n-z Help
      HP Officejet 6500 E710n-z Product Improvement Study
      HP Update
      HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
      I.R.I.S. OCR
      Intel(R) PRO Network Connections Drivers
      Java Auto Updater
      Java(TM) 6 Update 29
      Junk Mail filter update
      LG Android Drivers
      LG USB Modem driver
      Malwarebytes' Anti-Malware version 1.51.2.1300
      Marketsplash Shortcuts
      McAfee Security Scan Plus
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB2416447)
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 4 Client Profile
      Microsoft .NET Framework 4 Extended
      Microsoft Application Error Reporting
      Microsoft Base Smart Card Cryptographic Service Provider Package
      Microsoft Choice Guard
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Default Manager
      Microsoft Office Converter Pack
      Microsoft Office File Validation Add-In
      Microsoft Office Live Add-in 1.5
      Microsoft Office Outlook Connector
      Microsoft Office PowerPoint Viewer 2007 (English)
      Microsoft Office Standard Edition 2003
      Microsoft Silverlight
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Sync Framework Runtime Native v1.0 (x86)
      Microsoft Sync Framework Services Native v1.0 (x86)
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft VC9 runtime libraries
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
      Microsoft XML Parser
      MSN
      MSVCRT
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 4.0 SP2 Parser and SDK
      MSXML 6.0 Parser (KB933579)
      Nikon Message Center
      Nikon Transfer
      OLYMPUS Master 2
      Online Armor 4.0
      Otto
      Picture Control Utility
      QuickTime
      RealNetworks - Microsoft Visual C++ 2008 Runtime
      RealPlayer
      RealUpgrade 1.1
      Secunia PSI (1.9.0.5004)
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
      Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
      Security Update for Windows Internet Explorer 8 (KB2183461)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB2482017)
      Security Update for Windows Internet Explorer 8 (KB2497640)
      Security Update for Windows Internet Explorer 8 (KB2510531)
      Security Update for Windows Internet Explorer 8 (KB2530548)
      Security Update for Windows Internet Explorer 8 (KB2544521)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Search 4 - KB963093
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2160329)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2393802)
      Security Update for Windows XP (KB2412687)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB2476490)
      Security Update for Windows XP (KB2476687)
      Security Update for Windows XP (KB2478960)
      Security Update for Windows XP (KB2478971)
      Security Update for Windows XP (KB2479628)
      Security Update for Windows XP (KB2481109)
      Security Update for Windows XP (KB2483185)
      Security Update for Windows XP (KB2485376)
      Security Update for Windows XP (KB2485663)
      Security Update for Windows XP (KB2503658)
      Security Update for Windows XP (KB2503665)
      Security Update for Windows XP (KB2506212)
      Security Update for Windows XP (KB2506223)
      Security Update for Windows XP (KB2507618)
      Security Update for Windows XP (KB2508272)
      Security Update for Windows XP (KB2508429)
      Security Update for Windows XP (KB2509553)
      Security Update for Windows XP (KB2511455)
      Security Update for Windows XP (KB2524375)
      Security Update for Windows XP (KB2535512)
      Security Update for Windows XP (KB2536276)
      Security Update for Windows XP (KB2544893-v2)
      Security Update for Windows XP (KB2544893)
      Security Update for Windows XP (KB2562937)
      Security Update for Windows XP (KB2570947)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982381)
      Security Update for Windows XP (KB982665)
      Security Update for Windows XP (KB982802)
      Segoe UI
      Shutterfly Express Uploader
      Sonic Encoders
      Speccy
      Spelling Dictionaries Support For Adobe Reader 9
      SpywareBlaster 4.4
      SUPERAntiSpyware
      The Weather Channel Desktop 6
      Uninstall AOL Emergency Connect Utility 1.0
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft Windows (KB971513)
      Update for Windows Internet Explorer 8 (KB2362765)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows Internet Explorer 8 (KB982632)
      Update for Windows Media Player 10 (KB913800)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB2541763)
      Update for Windows XP (KB2607712)
      Update for Windows XP (KB2616676)
      Update for Windows XP (KB2641690)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB961503)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971029)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update Rollup 2 for Windows XP Media Center Edition 2005
      V CAST Music with Rhapsody
      Verizon Servicepoint 3.5.14
      Verizon V CAST Media Manager
      ViewNX
      Viewpoint Media Player
      WebFldrs XP
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Imaging Component
      Windows Internet Explorer 8
      Windows Live Call
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Family Safety
      Windows Live ID Sign-in Assistant
      Windows Live Mail
      Windows Live Messenger
      Windows Live Photo Gallery
      Windows Live Sync
      Windows Live Toolbar
      Windows Live Upload Tool
      Windows Live Writer
      Windows Management Framework Core
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows Search 4.0
      Windows XP Media Center Edition 2005 KB2502898
      Windows XP Media Center Edition 2005 KB925766
      Windows XP Media Center Edition 2005 KB973768
      Windows XP Service Pack 3
      WOT for Internet Explorer
      .
      ==== Event Viewer Messages From Past Week ========
      .
      11/9/2011 9:43:16 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio
      11/9/2011 9:43:02 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
      11/9/2011 9:43:02 AM, error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
      11/9/2011 9:43:02 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      11/5/2011 11:52:21 PM, error: Service Control Manager [7024]  - The Avira AntiVir Guard service terminated with service-specific error 306 (0x132).
      11/5/2011 10:10:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  General access denied error
      11/12/2011 5:52:32 AM, error: Service Control Manager [7000]  - The Avira Upgrade Service service failed to start due to the following error:  The system cannot find the path specified.
      11/12/2011 5:48:19 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service to connect.
      11/12/2011 5:48:19 AM, error: Service Control Manager [7000]  - The Avira AntiVir Guard service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      11/12/2011 1:23:41 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
      11/12/2011 1:23:41 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      11/12/2011 1:23:09 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
      11/12/2011 1:23:09 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      11/11/2011 8:40:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  General access denied error
      11/10/2011 2:00:00 PM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  General access denied error
      11/10/2011 12:23:45 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for ImagePath with the following error:  Access is denied.
      .
      ==== End Of File ===========================

      SuperDave

      • Malware Removal Specialist


      • Genius
      Re: PC is running sooooo s l o w l y... with various other issues
      « Reply #2 on: November 13, 2011, 04:50:23 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology

      **************************************************
      Download OTL to your desktop.

      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code:
      :OTL
      BHO: {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
      BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
      BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
      BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
      BHO: {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
      BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
      BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
      BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

      :files
      C:\found.000

      :COMMANDS
      [resethosts]
      [purity]
      [start explorer]

      * Click Run Fix
      * OTLI2 may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      ******************************************************************
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      and save it to your Desktop.
      It would be easiest to download using Internet Explorer.
      If you want to use Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
      Double click ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
      Windows 8 and Windows 10 dual boot with two SSD's

      nhchap

        Topic Starter


        Rookie

        Re: PC is running sooooo s l o w l y... with various other issues
        « Reply #3 on: November 18, 2011, 09:42:54 PM »
        Hi Dave,

        Thank you for answering my post.
        I followed your suggestion and found and removed "Viewpoint Media Player" from my Programs list.
        I downloaded OTL and followed your instructions. I will copy and paste the report below.
        Next I tried to disable my Avira Antivirus and ran into problems  :(.  I followed the directions in the link provided and thought all was fine but COMBOFIX told me that the Antivirus was still running.  I tried to remove it through Add/Remove Programs and it updated 2 or 3 times then 'removed' but COMBOFIX still told me it was running but that it would try to run anyway.  I clicked OK and will copy and paste the log it gave me below as well.
        Thanks again,
        nhchap

        ========== OTL ==========
        ========== FILES ==========
        C:\found.000\dir0000.chk folder moved successfully.
        C:\found.000 folder moved successfully.
        ========== COMMANDS ==========
        C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully
         
        OTL by OldTimer - Version 3.2.31.0 log created on 11182011_180406

        ComboFix 11-11-18.02 - Owner 11/18/2011  19:02:22.2.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.426 [GMT -8:00]
        Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
        AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
        FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\documents and settings\All Users\Application Data\TEMP
        c:\documents and settings\All Users\SPL27D.tmp
        c:\documents and settings\Owner\Application Data\PCFix
        c:\documents and settings\Owner\Application Data\PCFix\log.dat
        c:\documents and settings\Owner\Application Data\PCFix\unresolvederrors.dat
        c:\documents and settings\Owner\Application Data\PriceGong
        c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
        c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
        c:\program files\TotalRecipeSearch_14
        c:\program files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
        c:\program files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
        c:\program files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
        c:\program files\TotalRecipeSearch_14\bar\Cache\00720F18
        c:\program files\TotalRecipeSearch_14\bar\Cache\0072259E
        c:\program files\TotalRecipeSearch_14\bar\Cache\00722725.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\007227A2.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\007227FF.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\0072287C.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\007228EA.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00722938.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00722A22.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00722A70.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00722ACE.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00724BA4.bmp
        c:\program files\TotalRecipeSearch_14\bar\Cache\00724C21.bmp
        c:\program files\TotalRecipeSearch_14\bar\History\search3
        c:\program files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
        c:\program files\TotalRecipeSearch_14\bar\Message\COMMON.T8S
        c:\program files\TotalRecipeSearch_14\bar\Settings\prevcfg2.htm
        c:\program files\TotalRecipeSearch_14\bar\Settings\s_pid.dat
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100023737.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100023739.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100024344.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100025727.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100025731.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties100065004.html
        c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties200821740.html
        c:\windows\CSC\d6
        c:\windows\kb913800.exe
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-10-19 to 2011-11-19  )))))))))))))))))))))))))))))))
        .
        .
        2011-11-19 02:04 . 2011-11-19 02:04   --------   d-----w-   C:\_OTL
        2011-11-12 23:17 . 2011-11-12 23:17   --------   d-----w-   c:\program files\Common Files\Java
        2011-11-12 23:16 . 2011-11-12 23:14   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-11-12 22:17 . 2011-11-12 22:17   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2011-11-12 22:17 . 2011-09-01 01:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-11-12 06:57 . 2011-11-12 06:57   --------   d-----w-   c:\program files\CCleaner
        2011-11-05 13:47 . 2011-11-05 13:47   --------   d-----w-   c:\windows\system32\wbem\Repository
        2011-11-02 04:48 . 2011-11-02 04:48   --------   d-----w-   c:\program files\QuickTime
        2011-11-02 04:47 . 2011-11-02 04:47   --------   d-----w-   c:\program files\Common Files\xing shared
        2011-11-02 00:47 . 2011-11-02 00:47   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
        2011-10-27 13:21 . 2011-10-27 13:21   --------   d-----w-   c:\documents and settings\Owner\Application Data\Avira
        2011-10-27 13:13 . 2011-10-19 23:56   74640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
        2011-10-27 13:13 . 2011-10-19 23:56   36000   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
        2011-10-27 13:13 . 2011-10-19 23:56   134344   ----a-w-   c:\windows\system32\drivers\avipbb.sys
        2011-10-27 13:13 . 2011-10-27 13:13   --------   d-----w-   c:\program files\Avira
        2011-10-27 12:00 . 2011-10-27 12:01   --------   d-----w-   c:\documents and settings\Owner\Application Data\AskToolbar
        2011-10-27 04:32 . 2011-10-29 03:30   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
        2011-10-27 04:26 . 2011-10-27 04:26   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\AskToolbar
        2011-10-27 04:25 . 2011-10-27 04:26   --------   d-----w-   c:\program files\Ask.com
        2011-10-27 04:25 . 2011-10-27 04:25   --------   d-----w-   C:\Firefox
        2011-10-27 04:25 . 2011-10-27 13:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
        2011-10-24 21:29 . 2011-10-24 21:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
        2011-10-24 21:29 . 2011-10-24 21:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-11-12 23:14 . 2010-07-29 03:15   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-10-14 21:21 . 2011-05-17 20:14   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-10-10 14:22 . 2010-06-30 17:44   692736   ----a-w-   c:\windows\system32\inetcomm.dll
        2011-09-28 07:06 . 2004-08-10 11:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
        2011-09-26 18:41 . 2008-07-30 02:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
        2011-09-26 18:41 . 2004-08-10 11:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
        2011-09-26 18:41 . 2004-08-10 11:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
        2011-09-06 13:20 . 2004-08-10 11:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
        2011-08-22 23:48 . 2004-08-10 11:00   916480   ----a-w-   c:\windows\system32\wininet.dll
        2011-08-22 23:48 . 2004-08-10 11:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2011-08-22 23:48 . 2004-08-10 11:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2011-08-22 17:03 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
        2011-08-22 17:03 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
        2011-08-22 11:56 . 2004-08-10 11:00   385024   ----a-w-   c:\windows\system32\html.iec
        2010-07-17 05:57 . 2009-06-23 16:33   61733800   ----a-w-   c:\program files\OM220Setup.exe
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-02 39408]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
        "AOL Fast Start"="c:\progra~1\AOL9~1.5\AOL.EXE" [2010-03-23 29520]
        "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
        "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
        "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
        "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
        "HostManager"="c:\program files\Common Files\AOL\1279610749\ee\AOLSoftware.exe" [2010-02-10 41800]
        "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
        "IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
        "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]
        "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
        "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
        "BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
        "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
        "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
        "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
        .
        c:\documents and settings\Owner\Start Menu\Programs\Startup\
        OneNote Table Of Contents.onetoc2 [2010-10-10 3072]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
        Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-11-9 290872]
        Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
        "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "c:\\WINDOWS\\system32\\sessmgr.exe"=
        "c:\\Program Files\\AOL 9.5\\waol.exe"=
        "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
        "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
        "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
        "c:\\WINDOWS\\system32\\mqsvc.exe"=
        "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
        "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
        "c:\\Program Files\\Common Files\\aol\\1279610749\\ee\\aolsoftware.exe"=
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
        "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
        .
        R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [11/11/2010 11:12 PM 236104]
        R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [11/11/2010 11:12 PM 22600]
        R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [11/11/2010 11:12 PM 28232]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/27/2011 5:14 AM 86224]
        R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [11/11/2010 11:12 PM 1283400]
        R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/9/2010 5:24 AM 838200]
        R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/9/2010 5:24 AM 319032]
        R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [10/3/2010 9:02 AM 689392]
        R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]
        S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ec71ad9\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ec71ad9\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4ec71ad9\avupgsvc.exe [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2010 8:23 PM 136176]
        S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [11/11/2010 11:12 PM 3364680]
        S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
        S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2010 8:23 PM 136176]
        S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
        S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 3:00 AM 14336]
        S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\New Folder\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\New Folder\SysProt\SysProtDrv.sys [?]
        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 3:00 AM 14336]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        WINRM   REG_MULTI_SZ      WINRM
        nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
        .
        2011-11-18 c:\windows\Tasks\At1.job
        - c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-15 00:07]
        .
        2011-11-18 c:\windows\Tasks\At2.job
        - c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-15 00:07]
        .
        2011-11-19 c:\windows\Tasks\At3.job
        - c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-15 00:07]
        .
        2011-11-18 c:\windows\Tasks\At4.job
        - c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-15 00:07]
        .
        2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 04:23]
        .
        2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 04:23]
        .
        2011-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1757981266-725345543-1003.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
        .
        2011-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1757981266-725345543-1003.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
        .
        2011-11-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
        - c:\program files\Ask.com\UpdateTask.exe [2011-07-28 05:41]
        .
        2011-11-19 c:\windows\Tasks\User_Feed_Synchronization-{9CDE729F-ABAC-49CB-8D5C-361B2F3D7D33}.job
        - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uInternet Settings,ProxyOverride = <local>
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
        TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
        .
        - - - - ORPHANS REMOVED - - - -
        .
        BHO-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
        BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
        BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
        Toolbar-Locked - (no file)
        HKLM-Run-CTHelper - CTHELPER.EXE
        HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
        SafeBoot-mcmscsvc
        SafeBoot-MCODS
        AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-11-18 19:30
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          CTHelper = CTHELPER.EXE?
          CTxfiHlp = CTXFIHLP.EXE?
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\S-1-5-21-57989841-1757981266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'winlogon.exe'(660)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        c:\windows\system32\Ati2evxx.dll
        c:\windows\system32\l3codeca.acm
        c:\windows\system32\scg726.acm
        c:\windows\system32\alf2cd.acm
        c:\windows\system32\AC3ACM.acm
        c:\windows\system32\sirenacm.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
        .
        Completion time: 2011-11-18  19:38:35
        ComboFix-quarantined-files.txt  2011-11-19 03:38
        ComboFix2.txt  2010-10-28 08:03
        .
        Pre-Run: 119,656,988,672 bytes free
        Post-Run: 120,432,971,776 bytes free
        .
        - - End Of File - - 7F87DCF2BF2061F3B58AC8D3C8F26C05

        SuperDave

        • Malware Removal Specialist


        • Genius
        Re: PC is running sooooo s l o w l y... with various other issues
        « Reply #4 on: November 19, 2011, 11:56:32 AM »
        I strongly recommend that you remove Ask from your computer because it:

        • Promotes its toolbars on sites targeted to kids.

        • Promotes its toolbars through ads that appear to be part of other companies' sites.

        • Promotes its toolbars through other companies' spyware.

        • Installs without any disclosure whatsoever and without any consent whatsoever.

        • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

        • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

        See Here for more info.

        If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

        AskBarDis or anything related to Ask

        Then please find and delete this folder in bold (if present):
        C:\Program Files\AskBarDis. or anything related to Ask.
        ****************************************************
        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
          Quote
          KillAll::

          File::
          c:\windows\Tasks\At1.job
          c:\windows\Tasks\At2.job
          c:\windows\Tasks\At3.job
          c:\windows\Tasks\At4.job

        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • I don't need to see the log from this script.
        **************************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

        nhchap

          Topic Starter


          Rookie

          Re: PC is running sooooo s l o w l y... with various other issues
          « Reply #5 on: November 20, 2011, 09:52:03 AM »
          Hello again,

          I completed the tasks listed in your last reply and have included the log from Sysprot.exe as you requested.

          Thanks,
          nhchap

          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: F44D6000
          Module End: F44EE000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: F7A76000
          Module End: F7A78000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwAllocateVirtualMemory
          Address: F4641ED0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwAssignProcessToJobObject
          Address: F4642700
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwConnectPort
          Address: F463FDA0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateFile
          Address: F464F9C0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreatePort
          Address: F463F8E0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateProcess
          Address: F463C620
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateProcessEx
          Address: F463CA30
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateSection
          Address: F463BEF0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwCreateThread
          Address: F463DF20
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwDebugActiveProcess
          Address: F463EB90
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwDuplicateObject
          Address: F463F6F0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwLoadDriver
          Address: F4641490
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwOpenFile
          Address: F4650040
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwOpenProcess
          Address: F463DA20
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwOpenSection
          Address: F463C310
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwOpenThread
          Address: F463E420
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwProtectVirtualMemory
          Address: F4642350
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwQueryDirectoryFile
          Address: F4641A70
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwQueueApcThread
          Address: F46428A0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRequestPort
          Address: F46409A0
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRequestWaitReplyPort
          Address: F4640F90
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwRestoreKey
          Address: F464F550
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwResumeThread
          Address: F463F340
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSecureConnectPort
          Address: F4640190
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSetContextThread
          Address: F463E970
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSetSystemInformation
          Address: F463ED30
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwShutdownSystem
          Address: F4641370
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSuspendProcess
          Address: F463F520
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSuspendThread
          Address: F463F130
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwSystemDebugControl
          Address: F463EF40
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwTerminateProcess
          Address: F463DC80
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwTerminateThread
          Address: F463E760
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwUnloadDriver
          Address: F4641780
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          Function Name: ZwWriteVirtualMemory
          Address: F4642520
          Driver Base: F4623000
          Driver End: F4671000
          Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          No hidden files/folders found


          SuperDave

          • Malware Removal Specialist


          • Genius
          Re: PC is running sooooo s l o w l y... with various other issues
          « Reply #6 on: November 20, 2011, 10:43:48 AM »
          Is your computer any better?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's