INFECTED PLEASE HELP


This topic is locked. 61 replies to this topic.

#46 MARIANNE97 (Authentic Member, 36 posts)

Posted 20 November 2011 - 05:11 PM

Hi JonTom :) It doesn't give me the Explore option when I right click on the Start button. It gives the options Properties and Open Windows Explorer. I ran ESET again and it still shows up as a threat. Also on machine 2 the 7 threats are still showing up. I was bored and thought I'd run another scan. :)



#47 JonTom (Teacher Emeritus, Malware Team, 5,496 posts)

Posted 20 November 2011 - 05:36 PM

Hello MARIANNE97

open windows explorer

That's the one - it should allow you to navigate to the required location :)

Also on machine 2 the 7 threats still showing up

Are those threats located in OTM quarantine?

If they are they will be removed when we remove OTM. If not, we will need to take a closer look at the machine.

Please let me know in your next reply.
Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#48 MARIANNE97 (Authentic Member, 36 posts)

Posted 20 November 2011 - 05:46 PM

Hi again, :) I tried to find the file and couldn't find it so I just typed in the word softonic in the search on bottom of start menu and it brought up the file or program so I sent it to the recycle bin and emptied it. The 7 threats showing up on machine 2 (6) of them say moved and the last one says failed to move. I hope this helps :)

#49 MARIANNE97 (Authentic Member, 36 posts)

Posted 20 November 2011 - 07:08 PM

I ran another eset scan on machine 3 after deleting the softonic file or program that came up and it came up clean :) Should I try anything else to make sure on this one?

#50 MARIANNE97 (Authentic Member, 36 posts)

Posted 20 November 2011 - 07:45 PM

On machine 2 I misread the eset scan (sorry about that) It looks like all 7 of the files did move :)

I'll just wait for further instructions from you :) Thank you

#51 JonTom (Teacher Emeritus, Malware Team, 5,496 posts)

Posted 21 November 2011 - 02:03 AM

Hello MARIANNE97

I ran another eset scan on machine 3 after deleting the softonic file or program that came up and it came up clean :)
Should I try anything else to make sure on this one?

See below.

On machine 2 I misread the eset scan (sorry about that) It looks like all 7 of the files did move :)

Good :)

We will remove those tools shortly.

I need you to tell me how those machines are running. Are they displaying any obvious problems? (Popups, redirects, error messages etc)?

Let's run a couple of general scans on each machine:

======

Machine 2

  • Please perform the following scan


    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • aswMBR


    • Download aswMBR.exe to your desktop.
    • Right click the aswMBR.exe icon and select run as Administrator to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

    • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Please post the DDS logs and the aswMBR log in your next reply.


#52 MARIANNE97 (Authentic Member, 36 posts)

Posted 21 November 2011 - 03:18 PM

Hello Jontom :) All completed below are the text logs...Thank you


(DDS LOG)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by April at 15:46:58 on 2011-11-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1941 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [CPN Notifier] c:\program files\all in poker\PokerNotifier.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{5B6EF2F4-9651-4142-9050-53713075136C} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{5B6EF2F4-9651-4142-9050-53713075136C}\2716D616461633 : DhcpNameServer = 172.20.100.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-28 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-28 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-28 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-28 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-11 44768]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-27 7680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-27 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-27 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-27 171520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-29 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-1 1343400]
.
=============== Created Last 30 ================
.
2011-11-20 10:06:01 -------- d-----w- c:\users\april\appdata\local\{4009BE80-C4A2-4E2D-BFB6-C9BEB34197AF}
2011-11-20 10:05:34 -------- d-----w- c:\users\april\appdata\local\{862540D8-C12B-4E43-8896-46CC32F2C388}
2011-11-20 01:14:04 -------- d-----w- C:\_OTM
2011-11-19 20:21:30 -------- d-----w- c:\users\april\appdata\local\{8AD1FC17-CAB2-42E5-B3B4-CB22964C9068}
2011-11-19 20:21:08 -------- d-----w- c:\users\april\appdata\local\{AF24122E-1A8E-4A66-921E-456617E7342F}
2011-11-19 10:30:18 -------- d-----w- c:\program files\ESET
2011-11-18 19:22:16 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9cc5c864-c030-4616-ae64-f769068e989a}\offreg.dll
2011-11-18 19:22:15 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9cc5c864-c030-4616-ae64-f769068e989a}\mpengine.dll
2011-11-17 08:00:46 -------- d-----w- c:\program files\MSXML 4.0
2011-11-15 22:32:59 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-15 22:32:56 -------- d-----w- c:\program files\Motorola
2011-11-13 20:00:25 -------- d-----w- c:\users\april\appdata\local\{D551F8F1-7EF2-4076-BC09-4F39A3F98280}
2011-11-13 20:00:14 -------- d-----w- c:\users\april\appdata\local\{76B3540C-23FC-4AA9-93C5-FF16E571E09C}
2011-11-13 07:30:18 -------- d-----w- c:\users\april\appdata\local\{A8257EEE-F740-451D-AD6D-AEB16DCB3304}
2011-11-13 07:29:57 -------- d-----w- c:\users\april\appdata\local\{20BB154B-2E7D-4512-833F-845C3DCED23C}
2011-11-09 12:22:37 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:22:10 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 12:21:42 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 08:59:11 -------- d-----w- c:\users\april\appdata\local\{88BDE90D-B682-4DFE-AF59-A16C4928209E}
2011-11-09 08:58:55 -------- d-----w- c:\users\april\appdata\local\{90C2E3D6-6A55-4AFE-B59A-1148CA3A1AEE}
2011-11-08 18:40:03 -------- d-----w- c:\users\april\appdata\local\{57B9647E-A60C-4829-AB5A-EFCA8BC02CE1}
2011-11-08 18:39:53 -------- d-----w- c:\users\april\appdata\local\{2841DAE3-500F-4D67-BD22-B2950A84612E}
2011-11-08 18:38:58 -------- d-----w- c:\users\april\appdata\local\{8FFF408B-3CC7-466B-990A-4C978628AC90}
2011-11-05 06:59:41 -------- d-----w- c:\users\april\appdata\local\{126B57A9-8388-41D5-B436-A25AECF52B5E}
2011-11-05 06:58:54 -------- d-----w- c:\users\april\appdata\local\{DA569CD5-CF74-4E08-A799-1944EE332F57}
2011-11-04 18:58:40 -------- d-----w- c:\users\april\appdata\local\{3E82ABCE-2F6C-4689-BC48-121836AA0EC9}
2011-11-04 18:58:29 -------- d-----w- c:\users\april\appdata\local\{61C8E949-EAB8-49DE-AE40-1EE73409B876}
2011-11-04 02:58:24 -------- d-----w- c:\users\april\appdata\local\{62269090-C039-4D6D-AB7A-9809142764C1}
2011-11-04 02:58:00 -------- d-----w- c:\users\april\appdata\local\{A426AE3A-78E7-493E-86FF-B74B7764143B}
2011-10-28 14:09:59 -------- d-----w- c:\users\april\appdata\local\{40EA3659-E269-48A1-BBCE-3E04931D5362}
2011-10-28 14:09:37 -------- d-----w- c:\users\april\appdata\local\{029DB107-787C-4C70-B056-290C5C16659E}
2011-10-26 19:14:27 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-24 00:55:06 -------- d-----w- c:\users\april\appdata\local\{6D762EF9-51A4-47D7-A53A-A131537B6CC5}
2011-10-24 00:54:43 -------- d-----w- c:\users\april\appdata\local\{91A38445-907D-4A9B-ABDE-2D685AAE0308}
2011-10-23 05:45:21 -------- d-----w- c:\users\april\appdata\local\{310C009A-3E02-412B-84F7-DA83FF9BBDFB}
2011-10-23 05:44:59 -------- d-----w- c:\users\april\appdata\local\{18059F71-2707-4B61-9F7D-8D487D0295F4}
.
==================== Find3M ====================
.
2011-10-18 03:09:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 15:47:40.13 ===============




(ATTACH.TXT) Zipped and attached as requested.

(aswMBR.txt LOG)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 15:52:37
-----------------------------
15:52:37.489 OS Version: Windows 6.1.7601 Service Pack 1
15:52:37.489 Number of processors: 2 586 0x170A
15:52:37.489 ComputerName: APRIL-PC UserName: April
15:52:38.253 Initialize success
15:52:38.300 AVAST engine defs: 11112101
15:52:50.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:52:51.014 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
15:52:51.045 Disk 0 MBR read successfully
15:52:51.045 Disk 0 MBR scan
15:52:51.061 Disk 0 Windows VISTA default MBR code
15:52:51.061 Disk 0 scanning sectors +488396800
15:52:51.139 Disk 0 scanning C:\windows\system32\drivers
15:52:59.142 Service scanning
15:53:00.468 Modules scanning
15:53:21.528 Disk 0 trace - called modules:
15:53:21.559 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:53:21.559 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bfd288]
15:53:21.575 3 CLASSPNP.SYS[8b3d359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85dec028]
15:53:22.417 AVAST engine scan C:\windows
15:53:24.429 AVAST engine scan C:\windows\system32
15:54:48.186 AVAST engine scan C:\windows\system32\drivers
15:54:57.702 AVAST engine scan C:\Users\April
16:05:21.563 AVAST engine scan C:\ProgramData
16:06:27.254 Scan finished successfully
16:12:06.709 Disk 0 MBR has been saved successfully to "C:\Users\April\Desktop\MBR.dat"
16:12:06.709 The log file has been saved successfully to "C:\Users\April\Desktop\aswMBR.txt"
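
A triage script for DDS logs like the one above, added here as an example (it is not part of this thread, of the DDS tool, or of the WTT procedure): it parses the lines of the "Pseudo HJT Report" that a malware-removal helper reads first (start and search pages, BHO and toolbar entries, Run keys, UAC policy values and DPF ActiveX download references) and flags the items that deserve a closer look. The allow-list of expected home-page hosts, the bundleware path markers, the UAC value table and the Java 6 update threshold are assumptions chosen for the example; the regular expressions are mine, written against the DDS line formats visible in this thread. The sample input is constructed from a handful of lines copied from the two DDS logs posted here (machine 2 above and machine 3 in the post that follows).

```python
"""DDS "Pseudo HJT Report" triage (added example, not the DDS tool's own code)."""
import re
from collections import Counter
from urllib.parse import urlsplit

# ASSUMPTION: hosts an analyst accepts as a home/search page without comment.
EXPECTED_PAGE_HOSTS = {
    "www.google.com", "google.com", "www.startpage.com", "startpage.com",
    "asus.msn.com", "www.bing.com",
}

# ASSUMPTION: path fragments of bundled toolbars / "download managers" that
# removal helpers routinely treat as unwanted. Extend from your own notes.
PUP_PATH_MARKERS = ("imesha~1", "imesh applications", "mediabar", "datamngr")

# Windows 7 UAC policy values and the data that weakens them.
UAC_WEAK_VALUES = {
    "EnableLUA": {"0"},                    # UAC switched off
    "ConsentPromptBehaviorAdmin": {"0"},   # admins elevate with no prompt
    "PromptOnSecureDesktop": {"0"},        # prompt on the user desktop, so it can be spoofed
}

MIN_JAVA6_UPDATE = 29  # ASSUMPTION: the Java 6 update level treated as current
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

PAGE_RE = re.compile(r"^([um])(Start Page|Search Page|Default_Page_URL)\s*=\s*(\S+)$")
BHO_RE = re.compile(r"^(BHO|TB):\s*(?:(.*?):\s*)?\{([0-9A-Fa-f-]+)\}\s*-\s*(.+)$")
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(r"^([um]Policies-\w+):\s*(\w+)\s*=\s*(\d+)")
DPF_JAVA_RE = re.compile(r"^DPF:.*jinstall-(\d+)_(\d+)_(\d+)_(\d+)")


def _finding(severity, category, detail):
    return {"severity": severity, "category": category, "detail": detail}


def is_pup_path(path):
    """True when the path contains one of the assumed bundleware markers."""
    low = path.lower()
    return any(marker in low for marker in PUP_PATH_MARKERS)


def triage(log_text):
    """Return a list of findings for the DDS Pseudo HJT lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PAGE_RE.match(line)
        if m:
            scope, key, url = m.groups()
            # DDS defangs URLs as hxxp://; refang so urlsplit() can extract the host.
            host = (urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()
            if host not in EXPECTED_PAGE_HOSTS:
                findings.append(_finding("high", "browser-hijack", f"{scope}{key} -> {host} ({url})"))
            continue
        m = BHO_RE.match(line)
        if m:
            kind, name, guid, target = m.groups()
            if target.strip().lower() == "no file":
                # Orphaned CLSID: a stale registration, a cleanup item rather than live code.
                findings.append(_finding("low", "orphan-entry", f"{kind} {{{guid}}} has no file on disk"))
            elif is_pup_path(target):
                findings.append(_finding("medium", "bundleware", f"{kind} {name or guid}: {target}"))
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            if is_pup_path(cmd):
                findings.append(_finding("medium", "bundleware", f"{key} [{name}]: {cmd}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            hive, value, data = m.groups()
            if data in UAC_WEAK_VALUES.get(value, ()):
                findings.append(_finding("high", "uac-weakened", f"{hive} {value} = {data}"))
            continue
        m = DPF_JAVA_RE.match(line)
        if m:
            major, update = int(m.group(2)), int(m.group(4))
            if major == 6 and update < MIN_JAVA6_UPDATE:
                findings.append(_finding("medium", "outdated-java", f"Java {major} Update {update} referenced by a DPF entry"))
    return findings


def category_counts(findings):
    """Category -> number of findings, for a one-line summary."""
    return dict(Counter(f["category"] for f in findings))


# Constructed sample: lines copied from the two DDS logs posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.startpage.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: SEVERITY_ORDER[f["severity"]]):
        print(f"[{f['severity']:6}] {f['category']:15} {f['detail']}")
    print(category_counts(results))
```

Run against the sample, the script reports the phpnuke.org search-page hijack and the weakened PromptOnSecureDesktop value as high, the iMesh MediaBar/Datamngr BHO and Run entry and the Java 6 Update 14 installer as medium, and the two "No File" CLSIDs as low; ConsentPromptBehaviorAdmin = 5 is the Windows 7 default and is left alone. The allow-list and marker list are deliberately short: tune them from your own triage history rather than treating them as a verdict.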


#53 JonTom (Teacher Emeritus, Malware Team, 5,496 posts)

Posted 22 November 2011 - 10:10 AM

Hello MARIANNE97

The aswMBR log looks good, as does the DDS log.

I need you to tell me how those machines are running. Are they displaying any obvious problems? (Popups, redirects, error messages etc)?

You did not answer my question so I am going to assume that there are no other noticeable symptoms.

Let's remove the tools from this machine and take care of some updates:

  • Please perform the following cleanup procedure


    • Right click on the OTM.exe icon on your desktop and select "Run as Administrator" to run the program.
    • Once OTM has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.

  • Removal of Tools

    • You can now delete aswMBR from your machine.



  • Please update your Java


    • Click on "Windows Orb" (bottom left hand corner of your screen), then on "Computer" and then on the "Uninstall or Change a Program" tab.
    • Uninstall any previous versions of Java that you find (Java™ 6 Update 14).
    • Reboot your computer.
    • Next, download the latest version of Java by clicking here
    • Click on "Windows 7, XP Offline (32-bit)".
    • Save the file to your desktop (do not run it just yet).
    • Once it has saved, double click on the saved file to start the installation process.
    • Click the Install button to accept the license terms and to continue with the installation.
    • The installer may present you with an option to install additional programs when you install Java. I suggest you decline these additional programs (unless you really want them).
    • Follow any prompts you receive and click "Close" to complete the installation.

  • Your Adobe Reader is out of date


    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.

    Once you have completed the above steps run DDS and aswMBR on machine three and post the logs.


#54 MARIANNE97 (Authentic Member, 36 posts)

Posted 22 November 2011 - 11:04 PM

Hi JonTom :)
Sorry I didn't answer your question. Both PCs seem to be running OK at the moment, but machine 1 and machine 3 seem to have some sort of Java issue. The Java log that I sent you in an earlier post just keeps popping up on both and leaving copies of the log on the desktops. I counted 11 on top of the previous ones that were already there on machine 1, and 3 or 4 on machine 3. It's the same log on both machines.

I ran the scans on machine 3 and will post the logs below :)

Thank you


(DDS LOG)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 23:00:57 on 2011-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2915 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2375942554836343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2716D616461613 : DhcpNameServer = 172.20.101.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2716D616461643 : DhcpNameServer = 172.20.100.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\C696E6B6379737 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{399750A3-2199-4CD7-B1A2-75CC24B9A1F7} : DhcpNameServer = 168.94.0.15 168.94.0.14
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-14 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-23 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-20 19:44:27 -------- d-----w- C:\_OTM
2011-11-20 11:29:54 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2011-11-19 20:03:03 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-09 06:09:02 -------- d-----w- C:\ProgramData\Ask
2011-11-08 22:49:12 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 22:49:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 22:49:11 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 22:49:11 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-11-20 19:46:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-11-09 06:26:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-06 01:43:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-06 01:43:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 23:01:40.04 ===============



(aswMBR LOG)


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-22 23:21:10
-----------------------------
23:21:10.421 OS Version: Windows x64 6.1.7601 Service Pack 1
23:21:10.421 Number of processors: 2 586 0x170A
23:21:10.421 ComputerName: OWNER-PC UserName: Owner
23:21:11.732 Initialize success
23:21:11.825 AVAST engine defs: 11112201
23:21:16.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:21:16.521 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
23:21:16.536 Disk 0 MBR read successfully
23:21:16.536 Disk 0 MBR scan
23:21:16.536 Disk 0 Windows 7 default MBR code
23:21:16.552 Service scanning
23:21:17.816 Modules scanning
23:21:17.816 Disk 0 trace - called modules:
23:21:17.862 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
23:21:17.862 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c083e0]
23:21:17.878 3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> [0xfffffa80046ab590]
23:21:17.878 5 ACPI.sys[fffff88000f347a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b1050]
23:21:18.596 AVAST engine scan C:\Windows
23:21:20.530 AVAST engine scan C:\Windows\system32
23:22:36.957 AVAST engine scan C:\Windows\system32\drivers
23:22:50.700 AVAST engine scan C:\Users\Owner
23:27:03.748 AVAST engine scan C:\ProgramData
23:27:38.224 Scan finished successfully
23:31:05.972 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:31:05.972 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"




#55 MARIANNE97

MARIANNE97

    Authentic Member

  • Authentic Member
  • PipPip
  • 36 posts

Posted 22 November 2011 - 11:08 PM

I forgot to post the Java error log :) Posting it below


#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xe96d0e80, pid=2328, tid=4636
#
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot™ Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0xe96d0e80
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/...eport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x02663800): JavaThread "AWT-Windows" daemon [_thread_in_native, id=4636, stack(0x02730000,0x02830000)]

siginfo: ExceptionCode=0xc0000005, reading address 0xe96d0e80

Registers:
EAX=0x6d0c0092, EBX=0x00000001, ECX=0x06532970, EDX=0x00000004
ESP=0x0282faa0, EBP=0x0282facc, ESI=0x02663928, EDI=0x06532970
EIP=0xe96d0e80, EFLAGS=0x00010293

Top of Stack: (sp=0x0282faa0)
0x0282faa0: 6d09ccc0 00000000 6d09c780 00000000
0x0282fab0: 0282fb48 00000000 02663928 0282faa4
0x0282fac0: 0282fb60 6d0c0628 00000001 0282faf8
0x0282fad0: 770d62fa 001010dc 0000981a 06532970
0x0282fae0: 00000000 6d09c780 dcbaabcd 00000000
0x0282faf0: 00000000 6d09c780 0282fb70 770d6d3a
0x0282fb00: 6d09c780 001010dc 0000981a 06532970
0x0282fb10: 00000000 d2e10794 0282fc04 0282fbfc

Instructions: (pc=0xe96d0e80)
0xe96d0e60:
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]

Register to memory mapping:

EAX=0x6d0c0092 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x06532970 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0282faa0 is pointing into the stack for thread: 0x02663800
EBP=0x0282facc is pointing into the stack for thread: 0x02663800
ESI=0x02663928 is an unknown value
EDI=0x06532970 is an unknown value


Stack: [0x02730000,0x02830000], sp=0x0282faa0, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0xe96d0e80
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0666b400 JavaThread "Direct Clip" daemon [_thread_blocked, id=168, stack(0x05ed0000,0x05f20000)]
0x06609400 JavaThread "Direct Clip" daemon [_thread_blocked, id=5256, stack(0x07380000,0x073d0000)]
0x0660a800 JavaThread "Direct Clip" daemon [_thread_blocked, id=6092, stack(0x05c40000,0x05c90000)]
0x0660b800 JavaThread "Direct Clip" daemon [_thread_blocked, id=4188, stack(0x06e80000,0x06ed0000)]
0x0660ac00 JavaThread "Image Animator 0" daemon [_thread_blocked, id=2716, stack(0x06d60000,0x06db0000)]
0x06608c00 JavaThread "TickTimer" daemon [_thread_blocked, id=1264, stack(0x09740000,0x09790000)]
0x06608800 JavaThread "Timer2" daemon [_thread_blocked, id=4156, stack(0x096b0000,0x09700000)]
0x06608000 JavaThread "ScrollingLabel" daemon [_thread_blocked, id=1888, stack(0x09620000,0x09670000)]
0x0671bc00 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-GamePanel,3,0,548x394,invalid]-ClientApplet-GamePanel" daemon [_thread_blocked, id=1112, stack(0x09590000,0x095e0000)]
0x0671b400 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-ChatPanel,6,0,180x392,layout=com.pogo.ui2.awt.e]-ClientApplet-ChatPanel" daemon [_thread_blocked, id=3648, stack(0x09500000,0x09550000)]
0x0671ac00 JavaThread "ScrollBar" daemon [_thread_blocked, id=1196, stack(0x09470000,0x094c0000)]
0x0671a800 JavaThread "TextField" daemon [_thread_blocked, id=6104, stack(0x093e0000,0x09430000)]
0x0671a000 JavaThread "ScrollBar" daemon [_thread_blocked, id=3688, stack(0x09350000,0x093a0000)]
0x06719c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5164, stack(0x092c0000,0x09310000)]
0x06719400 JavaThread "TickTimer" daemon [_thread_blocked, id=2740, stack(0x09230000,0x09280000)]
0x06719000 JavaThread "ScrollBar" daemon [_thread_blocked, id=1508, stack(0x091a0000,0x091f0000)]
0x06718800 JavaThread "SocketConnection" daemon [_thread_blocked, id=4592, stack(0x08d00000,0x08d50000)]
0x06718000 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=5376, stack(0x08c30000,0x08c80000)]
0x02664c00 JavaThread "drawpoker AlarmQueue" [_thread_blocked, id=1868, stack(0x08ba0000,0x08bf0000)]
0x0666c000 JavaThread "Direct Clip" daemon [_thread_blocked, id=5636, stack(0x08940000,0x08990000)]
0x0666d400 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=5652, stack(0x08670000,0x086c0000)]
0x0666a000 JavaThread "Thread-350" daemon [_thread_blocked, id=4956, stack(0x08620000,0x08670000)]
0x0666dc00 JavaThread "Thread-349" daemon [_thread_blocked, id=1860, stack(0x07950000,0x079a0000)]
0x0666bc00 JavaThread "Thread-348" daemon [_thread_blocked, id=4924, stack(0x078c0000,0x07910000)]
0x0666c800 JavaThread "thread applet-com.pogo.game.client2.drawpoker.DrawPokerApplet-9" [_thread_in_native, id=4412, stack(0x07530000,0x07580000)]
0x05224800 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-8" [_thread_blocked, id=5192, stack(0x06df0000,0x06e40000)]
0x05223c00 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-7" [_thread_blocked, id=5212, stack(0x07110000,0x07160000)]
0x05228800 JavaThread "Applet 8 LiveConnect Worker Thread" [_thread_blocked, id=3244, stack(0x06cd0000,0x06d20000)]
0x05222400 JavaThread "Applet 7 LiveConnect Worker Thread" [_thread_blocked, id=4160, stack(0x06330000,0x06380000)]
0x05228000 JavaThread "TickTimer" daemon [_thread_blocked, id=5724, stack(0x08a70000,0x08ac0000)]
0x05227c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5248, stack(0x089e0000,0x08a30000)]
0x02667c00 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-GamePanel,0,0,458x276,invalid]-ClientApplet-GamePanel" daemon [_thread_blocked, id=4664, stack(0x05600000,0x05650000)]
0x05227400 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-ChatPanel,0,276,458x127,layout=com.pogo.ui2.awt.e]-ClientApplet-ChatPanel" daemon [_thread_blocked, id=3192, stack(0x08540000,0x08590000)]
0x05226c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5236, stack(0x084b0000,0x08500000)]
0x05226800 JavaThread "TextField" daemon [_thread_blocked, id=5904, stack(0x08420000,0x08470000)]
0x05226000 JavaThread "ScrollBar" daemon [_thread_blocked, id=5596, stack(0x08390000,0x083e0000)]
0x05225c00 JavaThread "TickTimer" daemon [_thread_blocked, id=3944, stack(0x08300000,0x08350000)]
0x05225400 JavaThread "ScrollBar" daemon [_thread_blocked, id=2872, stack(0x08270000,0x082c0000)]
0x05225000 JavaThread "BadgeStorage" daemon [_thread_blocked, id=5676, stack(0x081e0000,0x08230000)]
0x05223400 JavaThread "SocketConnection" daemon [_thread_in_native, id=2160, stack(0x077a0000,0x077f0000)]
0x05223000 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=5384, stack(0x07700000,0x07750000)]
0x05222800 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=5556, stack(0x07670000,0x076c0000)]
0x05221c00 JavaThread "Thread-27" daemon [_thread_blocked, id=5668, stack(0x06c40000,0x06c90000)]
0x05221400 JavaThread "Thread-26" daemon [_thread_blocked, id=2132, stack(0x062a0000,0x062f0000)]
0x05221000 JavaThread "Thread-25" daemon [_thread_blocked, id=4832, stack(0x061f0000,0x06240000)]
0x02668400 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=5424, stack(0x06140000,0x06190000)]
0x02668800 JavaThread "thread applet-com.pogo.game.client2.drawpoker.DrawPokerTableSelectorApplet-3" [_thread_blocked, id=2024, stack(0x05e40000,0x05e90000)]
0x02664400 JavaThread "AWT-EventQueue-4" [_thread_in_native, id=5988, stack(0x05790000,0x057e0000)]
0x02667000 JavaThread "Applet 3 LiveConnect Worker Thread" [_thread_blocked, id=4472, stack(0x05db0000,0x05e00000)]
0x02667800 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=2324, stack(0x05d20000,0x05d70000)]
0x02666800 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=5312, stack(0x05bb0000,0x05c00000)]
0x02665c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2864, stack(0x05940000,0x05990000)]
0x02665800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=2416, stack(0x058b0000,0x05900000)]
0x02665000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=5448, stack(0x05820000,0x05870000)]
0x02662000 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=5736, stack(0x05010000,0x05060000)]
0x02663c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4020, stack(0x05570000,0x055c0000)]
=>0x02663800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4636, stack(0x02730000,0x02830000)]
0x02663000 JavaThread "AWT-Shutdown" [_thread_blocked, id=3880, stack(0x054e0000,0x05530000)]
0x02662c00 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=6020, stack(0x05450000,0x054a0000)]
0x02662400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=5072, stack(0x050a0000,0x050f0000)]
0x02661800 JavaThread "Timer-0" [_thread_blocked, id=2332, stack(0x04f20000,0x04f70000)]
0x02661000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5740, stack(0x04db0000,0x04e00000)]
0x02620400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2696, stack(0x04b90000,0x04be0000)]
0x0261b400 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=4768, stack(0x04b00000,0x04b50000)]
0x0261a400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3684, stack(0x04a70000,0x04ac0000)]
0x02617400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2124, stack(0x049e0000,0x04a30000)]
0x0260f000 JavaThread "Finalizer" daemon [_thread_blocked, id=972, stack(0x02910000,0x02960000)]
0x0260dc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=5460, stack(0x02880000,0x028d0000)]
0x0272b400 JavaThread "main" [_thread_blocked, id=5156, stack(0x00310000,0x00360000)]

Other Threads:
0x025d1000 VMThread [stack: 0x02830000,0x02880000] [id=5036]
0x02631c00 WatcherThread [stack: 0x04c20000,0x04c70000] [id=1756]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 11840K, used 7398K [0x2c1b0000, 0x2ce80000, 0x2ec50000)
eden space 10560K, 65% used [0x2c1b0000, 0x2c870190, 0x2cc00000)
from space 1280K, 37% used [0x2cd40000, 0x2cdb9808, 0x2ce80000)
to space 1280K, 0% used [0x2cc00000, 0x2cc00000, 0x2cd40000)
tenured generation total 26052K, used 15860K [0x2ec50000, 0x305c1000, 0x341b0000)
the space 26052K, 60% used [0x2ec50000, 0x2fbcd2e0, 0x2fbcd400, 0x305c1000)
compacting perm gen total 12288K, used 4967K [0x341b0000, 0x34db0000, 0x381b0000)
the space 12288K, 40% used [0x341b0000, 0x34689e20, 0x3468a000, 0x34db0000)
ro space 10240K, 51% used [0x381b0000, 0x386dd0b8, 0x386dd200, 0x38bb0000)
rw space 12288K, 54% used [0x38bb0000, 0x39249570, 0x39249600, 0x397b0000)

Code Cache [0x029a0000, 0x02d40000, 0x049a0000)
total_blobs=1866 nmethods=1629 adapters=170 free_code_cache=29826176 largest_free_block=39872

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\java.exe
0x77bc0000 - 0x77d40000 C:\Windows\SysWOW64\ntdll.dll
0x771f0000 - 0x77300000 C:\Windows\syswow64\kernel32.dll
0x76ad0000 - 0x76b16000 C:\Windows\syswow64\KERNELBASE.dll
0x73e00000 - 0x73e34000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x757c0000 - 0x75860000 C:\Windows\syswow64\ADVAPI32.dll
0x76d80000 - 0x76e2c000 C:\Windows\syswow64\msvcrt.dll
0x76f40000 - 0x76f59000 C:\Windows\SysWOW64\sechost.dll
0x76b30000 - 0x76c20000 C:\Windows\syswow64\RPCRT4.dll
0x752b0000 - 0x75310000 C:\Windows\syswow64\SspiCli.dll
0x752a0000 - 0x752ac000 C:\Windows\syswow64\CRYPTBASE.dll
0x72ef0000 - 0x72f3c000 C:\Windows\system32\apphelp.dll
0x6bae0000 - 0x6bb6d000 C:\Windows\AppPatch\AcLayers.DLL
0x770c0000 - 0x771c0000 C:\Windows\syswow64\USER32.dll
0x75860000 - 0x758f0000 C:\Windows\syswow64\GDI32.dll
0x76b20000 - 0x76b2a000 C:\Windows\syswow64\LPK.dll
0x75a70000 - 0x75b0d000 C:\Windows\syswow64\USP10.dll
0x75ca0000 - 0x768ea000 C:\Windows\syswow64\SHELL32.dll
0x76e30000 - 0x76e87000 C:\Windows\syswow64\SHLWAPI.dll
0x753a0000 - 0x754fc000 C:\Windows\syswow64\ole32.dll
0x76eb0000 - 0x76f3f000 C:\Windows\syswow64\OLEAUT32.dll
0x73bc0000 - 0x73bd7000 C:\Windows\system32\USERENV.dll
0x73bb0000 - 0x73bbb000 C:\Windows\system32\profapi.dll
0x73be0000 - 0x73c31000 C:\Windows\system32\WINSPOOL.DRV
0x74220000 - 0x74232000 C:\Windows\system32\MPR.dll
0x75340000 - 0x753a0000 C:\Windows\system32\IMM32.DLL
0x76ff0000 - 0x770bc000 C:\Windows\syswow64\MSCTF.dll
0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
0x73670000 - 0x736a2000 C:\Windows\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 C:\Program Files (x86)\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\Program Files (x86)\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14c000 C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x73c40000 - 0x73dde000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
0x73900000 - 0x73980000 C:\Windows\system32\uxtheme.dll
0x6d7e0000 - 0x6d7ef000 C:\Program Files (x86)\Java\jre6\bin\zip.dll
0x6d420000 - 0x6d426000 C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files (x86)\Java\jre6\bin\deploy.dll
0x76c60000 - 0x76d7d000 C:\Windows\syswow64\CRYPT32.dll
0x76c20000 - 0x76c2c000 C:\Windows\syswow64\MSASN1.dll
0x75950000 - 0x75a6a000 C:\Windows\syswow64\WININET.dll
0x77b90000 - 0x77b93000 C:\Windows\syswow64\Normaliz.dll
0x76900000 - 0x76ab8000 C:\Windows\syswow64\iertutil.dll
0x75b10000 - 0x75c20000 C:\Windows\syswow64\urlmon.dll
0x6d6a0000 - 0x6d6e6000 C:\Program Files (x86)\Java\jre6\bin\regutils.dll
0x735d0000 - 0x735d9000 C:\Windows\system32\VERSION.dll
0x6d600000 - 0x6d613000 C:\Program Files (x86)\Java\jre6\bin\net.dll
0x76f60000 - 0x76f95000 C:\Windows\syswow64\WS2_32.dll
0x76ac0000 - 0x76ac6000 C:\Windows\syswow64\NSI.dll
0x72610000 - 0x7264c000 C:\Windows\system32\mswsock.dll
0x714f0000 - 0x714f6000 C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000 C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x73650000 - 0x73663000 C:\Windows\system32\DWMAPI.DLL
0x6d230000 - 0x6d27f000 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
0x728c0000 - 0x728c8000 C:\Windows\system32\Secur32.dll
0x724b0000 - 0x724f4000 C:\Windows\system32\dnsapi.DLL
0x72460000 - 0x7247c000 C:\Windows\system32\iphlpapi.DLL
0x725a0000 - 0x725a7000 C:\Windows\system32\WINNSI.DLL
0x72600000 - 0x72605000 C:\Windows\System32\wshtcpip.dll
0x72480000 - 0x724a1000 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
0x72410000 - 0x72416000 C:\Windows\system32\rasadhlp.dll
0x72420000 - 0x72458000 C:\Windows\System32\fwpuclnt.dll
0x6d510000 - 0x6d535000 C:\Program Files (x86)\Java\jre6\bin\jsound.dll
0x6d540000 - 0x6d548000 C:\Program Files (x86)\Java\jre6\bin\jsoundds.dll
0x71010000 - 0x71082000 C:\Windows\system32\DSOUND.dll
0x720d0000 - 0x720f5000 C:\Windows\system32\POWRPROF.dll
0x75590000 - 0x7572d000 C:\Windows\syswow64\SETUPAPI.dll
0x76c30000 - 0x76c57000 C:\Windows\syswow64\CFGMGR32.dll
0x76e90000 - 0x76ea2000 C:\Windows\syswow64\DEVOBJ.dll
0x72bb0000 - 0x72be9000 C:\Windows\system32\MMDevAPI.DLL
0x72ab0000 - 0x72ba5000 C:\Windows\system32\PROPSYS.dll
0x70700000 - 0x70730000 C:\Windows\system32\wdmaud.drv
0x72100000 - 0x72104000 C:\Windows\system32\ksuser.dll
0x71220000 - 0x71227000 C:\Windows\system32\AVRT.dll
0x72a70000 - 0x72aa6000 C:\Windows\system32\AUDIOSES.DLL
0x6ec10000 - 0x6ec18000 C:\Windows\system32\msacm32.drv
0x6cf70000 - 0x6cf84000 C:\Windows\system32\MSACM32.dll
0x6ec20000 - 0x6ec27000 C:\Windows\system32\midimap.dll
0x75730000 - 0x757b3000 C:\Windows\syswow64\CLBCatQ.DLL
0x6d440000 - 0x6d465000 C:\Program Files (x86)\Java\jre6\bin\jpeg.dll
0x72780000 - 0x72796000 C:\Windows\system32\CRYPTSP.dll
0x72740000 - 0x7277b000 C:\Windows\system32\rsaenh.dll
0x725f0000 - 0x72600000 C:\Windows\system32\NLAapi.dll
0x725e0000 - 0x725f0000 C:\Windows\system32\napinsp.dll
0x725c0000 - 0x725d2000 C:\Windows\system32\pnrpnsp.dll
0x725b0000 - 0x725b8000 C:\Windows\System32\winrnr.dll
0x768f0000 - 0x768f5000 C:\Windows\system32\PSAPI.DLL

VM Arguments:
jvm_args: -D__jvm_launched=8971260643 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Xmx128m -Dsun.plugin2.jvm.args=-D__jvm_launched=8971260643 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- -- -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4216_pipe3,read_pipe_name=jpi2_pid4216_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
USERNAME=Owner
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows 7 , 64 bit Build 7601 Service Pack 1

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 23 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 4158552k(2617260k free), swap 8315256k(6626460k free)

vm_info: Java HotSpot™ Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)

time: Wed Nov 09 20:50:04 2011
elapsed time: 1103 seconds



#56 MARIANNE97

MARIANNE97

    Authentic Member

  • Authentic Member
  • 36 posts

Posted 22 November 2011 - 11:08 PM

I forgot to post the java error log :) Posting it below


#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xe96d0e80, pid=2328, tid=4636
#
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot™ Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0xe96d0e80
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/...eport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x02663800): JavaThread "AWT-Windows" daemon [_thread_in_native, id=4636, stack(0x02730000,0x02830000)]

siginfo: ExceptionCode=0xc0000005, reading address 0xe96d0e80

Registers:
EAX=0x6d0c0092, EBX=0x00000001, ECX=0x06532970, EDX=0x00000004
ESP=0x0282faa0, EBP=0x0282facc, ESI=0x02663928, EDI=0x06532970
EIP=0xe96d0e80, EFLAGS=0x00010293

Top of Stack: (sp=0x0282faa0)
0x0282faa0: 6d09ccc0 00000000 6d09c780 00000000
0x0282fab0: 0282fb48 00000000 02663928 0282faa4
0x0282fac0: 0282fb60 6d0c0628 00000001 0282faf8
0x0282fad0: 770d62fa 001010dc 0000981a 06532970
0x0282fae0: 00000000 6d09c780 dcbaabcd 00000000
0x0282faf0: 00000000 6d09c780 0282fb70 770d6d3a
0x0282fb00: 6d09c780 001010dc 0000981a 06532970
0x0282fb10: 00000000 d2e10794 0282fc04 0282fbfc

Instructions: (pc=0xe96d0e80)
0xe96d0e60:
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]

Register to memory mapping:

EAX=0x6d0c0092 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x06532970 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0282faa0 is pointing into the stack for thread: 0x02663800
EBP=0x0282facc is pointing into the stack for thread: 0x02663800
ESI=0x02663928 is an unknown value
EDI=0x06532970 is an unknown value


Stack: [0x02730000,0x02830000], sp=0x0282faa0, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0xe96d0e80
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0666b400 JavaThread "Direct Clip" daemon [_thread_blocked, id=168, stack(0x05ed0000,0x05f20000)]
0x06609400 JavaThread "Direct Clip" daemon [_thread_blocked, id=5256, stack(0x07380000,0x073d0000)]
0x0660a800 JavaThread "Direct Clip" daemon [_thread_blocked, id=6092, stack(0x05c40000,0x05c90000)]
0x0660b800 JavaThread "Direct Clip" daemon [_thread_blocked, id=4188, stack(0x06e80000,0x06ed0000)]
0x0660ac00 JavaThread "Image Animator 0" daemon [_thread_blocked, id=2716, stack(0x06d60000,0x06db0000)]
0x06608c00 JavaThread "TickTimer" daemon [_thread_blocked, id=1264, stack(0x09740000,0x09790000)]
0x06608800 JavaThread "Timer2" daemon [_thread_blocked, id=4156, stack(0x096b0000,0x09700000)]
0x06608000 JavaThread "ScrollingLabel" daemon [_thread_blocked, id=1888, stack(0x09620000,0x09670000)]
0x0671bc00 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-GamePanel,3,0,548x394,invalid]-ClientApplet-GamePanel" daemon [_thread_blocked, id=1112, stack(0x09590000,0x095e0000)]
0x0671b400 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-ChatPanel,6,0,180x392,layout=com.pogo.ui2.awt.e]-ClientApplet-ChatPanel" daemon [_thread_blocked, id=3648, stack(0x09500000,0x09550000)]
0x0671ac00 JavaThread "ScrollBar" daemon [_thread_blocked, id=1196, stack(0x09470000,0x094c0000)]
0x0671a800 JavaThread "TextField" daemon [_thread_blocked, id=6104, stack(0x093e0000,0x09430000)]
0x0671a000 JavaThread "ScrollBar" daemon [_thread_blocked, id=3688, stack(0x09350000,0x093a0000)]
0x06719c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5164, stack(0x092c0000,0x09310000)]
0x06719400 JavaThread "TickTimer" daemon [_thread_blocked, id=2740, stack(0x09230000,0x09280000)]
0x06719000 JavaThread "ScrollBar" daemon [_thread_blocked, id=1508, stack(0x091a0000,0x091f0000)]
0x06718800 JavaThread "SocketConnection" daemon [_thread_blocked, id=4592, stack(0x08d00000,0x08d50000)]
0x06718000 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=5376, stack(0x08c30000,0x08c80000)]
0x02664c00 JavaThread "drawpoker AlarmQueue" [_thread_blocked, id=1868, stack(0x08ba0000,0x08bf0000)]
0x0666c000 JavaThread "Direct Clip" daemon [_thread_blocked, id=5636, stack(0x08940000,0x08990000)]
0x0666d400 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=5652, stack(0x08670000,0x086c0000)]
0x0666a000 JavaThread "Thread-350" daemon [_thread_blocked, id=4956, stack(0x08620000,0x08670000)]
0x0666dc00 JavaThread "Thread-349" daemon [_thread_blocked, id=1860, stack(0x07950000,0x079a0000)]
0x0666bc00 JavaThread "Thread-348" daemon [_thread_blocked, id=4924, stack(0x078c0000,0x07910000)]
0x0666c800 JavaThread "thread applet-com.pogo.game.client2.drawpoker.DrawPokerApplet-9" [_thread_in_native, id=4412, stack(0x07530000,0x07580000)]
0x05224800 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-8" [_thread_blocked, id=5192, stack(0x06df0000,0x06e40000)]
0x05223c00 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-7" [_thread_blocked, id=5212, stack(0x07110000,0x07160000)]
0x05228800 JavaThread "Applet 8 LiveConnect Worker Thread" [_thread_blocked, id=3244, stack(0x06cd0000,0x06d20000)]
0x05222400 JavaThread "Applet 7 LiveConnect Worker Thread" [_thread_blocked, id=4160, stack(0x06330000,0x06380000)]
0x05228000 JavaThread "TickTimer" daemon [_thread_blocked, id=5724, stack(0x08a70000,0x08ac0000)]
0x05227c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5248, stack(0x089e0000,0x08a30000)]
0x02667c00 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-GamePanel,0,0,458x276,invalid]-ClientApplet-GamePanel" daemon [_thread_blocked, id=4664, stack(0x05600000,0x05650000)]
0x05227400 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-ChatPanel,0,276,458x127,layout=com.pogo.ui2.awt.e]-ClientApplet-ChatPanel" daemon [_thread_blocked, id=3192, stack(0x08540000,0x08590000)]
0x05226c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=5236, stack(0x084b0000,0x08500000)]
0x05226800 JavaThread "TextField" daemon [_thread_blocked, id=5904, stack(0x08420000,0x08470000)]
0x05226000 JavaThread "ScrollBar" daemon [_thread_blocked, id=5596, stack(0x08390000,0x083e0000)]
0x05225c00 JavaThread "TickTimer" daemon [_thread_blocked, id=3944, stack(0x08300000,0x08350000)]
0x05225400 JavaThread "ScrollBar" daemon [_thread_blocked, id=2872, stack(0x08270000,0x082c0000)]
0x05225000 JavaThread "BadgeStorage" daemon [_thread_blocked, id=5676, stack(0x081e0000,0x08230000)]
0x05223400 JavaThread "SocketConnection" daemon [_thread_in_native, id=2160, stack(0x077a0000,0x077f0000)]
0x05223000 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=5384, stack(0x07700000,0x07750000)]
0x05222800 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=5556, stack(0x07670000,0x076c0000)]
0x05221c00 JavaThread "Thread-27" daemon [_thread_blocked, id=5668, stack(0x06c40000,0x06c90000)]
0x05221400 JavaThread "Thread-26" daemon [_thread_blocked, id=2132, stack(0x062a0000,0x062f0000)]
0x05221000 JavaThread "Thread-25" daemon [_thread_blocked, id=4832, stack(0x061f0000,0x06240000)]
0x02668400 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=5424, stack(0x06140000,0x06190000)]
0x02668800 JavaThread "thread applet-com.pogo.game.client2.drawpoker.DrawPokerTableSelectorApplet-3" [_thread_blocked, id=2024, stack(0x05e40000,0x05e90000)]
0x02664400 JavaThread "AWT-EventQueue-4" [_thread_in_native, id=5988, stack(0x05790000,0x057e0000)]
0x02667000 JavaThread "Applet 3 LiveConnect Worker Thread" [_thread_blocked, id=4472, stack(0x05db0000,0x05e00000)]
0x02667800 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=2324, stack(0x05d20000,0x05d70000)]
0x02666800 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=5312, stack(0x05bb0000,0x05c00000)]
0x02665c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2864, stack(0x05940000,0x05990000)]
0x02665800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=2416, stack(0x058b0000,0x05900000)]
0x02665000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=5448, stack(0x05820000,0x05870000)]
0x02662000 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=5736, stack(0x05010000,0x05060000)]
0x02663c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4020, stack(0x05570000,0x055c0000)]
=>0x02663800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4636, stack(0x02730000,0x02830000)]
0x02663000 JavaThread "AWT-Shutdown" [_thread_blocked, id=3880, stack(0x054e0000,0x05530000)]
0x02662c00 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=6020, stack(0x05450000,0x054a0000)]
0x02662400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=5072, stack(0x050a0000,0x050f0000)]
0x02661800 JavaThread "Timer-0" [_thread_blocked, id=2332, stack(0x04f20000,0x04f70000)]
0x02661000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5740, stack(0x04db0000,0x04e00000)]
0x02620400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2696, stack(0x04b90000,0x04be0000)]
0x0261b400 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=4768, stack(0x04b00000,0x04b50000)]
0x0261a400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3684, stack(0x04a70000,0x04ac0000)]
0x02617400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2124, stack(0x049e0000,0x04a30000)]
0x0260f000 JavaThread "Finalizer" daemon [_thread_blocked, id=972, stack(0x02910000,0x02960000)]
0x0260dc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=5460, stack(0x02880000,0x028d0000)]
0x0272b400 JavaThread "main" [_thread_blocked, id=5156, stack(0x00310000,0x00360000)]

Other Threads:
0x025d1000 VMThread [stack: 0x02830000,0x02880000] [id=5036]
0x02631c00 WatcherThread [stack: 0x04c20000,0x04c70000] [id=1756]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 11840K, used 7398K [0x2c1b0000, 0x2ce80000, 0x2ec50000)
eden space 10560K, 65% used [0x2c1b0000, 0x2c870190, 0x2cc00000)
from space 1280K, 37% used [0x2cd40000, 0x2cdb9808, 0x2ce80000)
to space 1280K, 0% used [0x2cc00000, 0x2cc00000, 0x2cd40000)
tenured generation total 26052K, used 15860K [0x2ec50000, 0x305c1000, 0x341b0000)
the space 26052K, 60% used [0x2ec50000, 0x2fbcd2e0, 0x2fbcd400, 0x305c1000)
compacting perm gen total 12288K, used 4967K [0x341b0000, 0x34db0000, 0x381b0000)
the space 12288K, 40% used [0x341b0000, 0x34689e20, 0x3468a000, 0x34db0000)
ro space 10240K, 51% used [0x381b0000, 0x386dd0b8, 0x386dd200, 0x38bb0000)
rw space 12288K, 54% used [0x38bb0000, 0x39249570, 0x39249600, 0x397b0000)

Code Cache [0x029a0000, 0x02d40000, 0x049a0000)
total_blobs=1866 nmethods=1629 adapters=170 free_code_cache=29826176 largest_free_block=39872

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\java.exe
0x77bc0000 - 0x77d40000 C:\Windows\SysWOW64\ntdll.dll
0x771f0000 - 0x77300000 C:\Windows\syswow64\kernel32.dll
0x76ad0000 - 0x76b16000 C:\Windows\syswow64\KERNELBASE.dll
0x73e00000 - 0x73e34000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x757c0000 - 0x75860000 C:\Windows\syswow64\ADVAPI32.dll
0x76d80000 - 0x76e2c000 C:\Windows\syswow64\msvcrt.dll
0x76f40000 - 0x76f59000 C:\Windows\SysWOW64\sechost.dll
0x76b30000 - 0x76c20000 C:\Windows\syswow64\RPCRT4.dll
0x752b0000 - 0x75310000 C:\Windows\syswow64\SspiCli.dll
0x752a0000 - 0x752ac000 C:\Windows\syswow64\CRYPTBASE.dll
0x72ef0000 - 0x72f3c000 C:\Windows\system32\apphelp.dll
0x6bae0000 - 0x6bb6d000 C:\Windows\AppPatch\AcLayers.DLL
0x770c0000 - 0x771c0000 C:\Windows\syswow64\USER32.dll
0x75860000 - 0x758f0000 C:\Windows\syswow64\GDI32.dll
0x76b20000 - 0x76b2a000 C:\Windows\syswow64\LPK.dll
0x75a70000 - 0x75b0d000 C:\Windows\syswow64\USP10.dll
0x75ca0000 - 0x768ea000 C:\Windows\syswow64\SHELL32.dll
0x76e30000 - 0x76e87000 C:\Windows\syswow64\SHLWAPI.dll
0x753a0000 - 0x754fc000 C:\Windows\syswow64\ole32.dll
0x76eb0000 - 0x76f3f000 C:\Windows\syswow64\OLEAUT32.dll
0x73bc0000 - 0x73bd7000 C:\Windows\system32\USERENV.dll
0x73bb0000 - 0x73bbb000 C:\Windows\system32\profapi.dll
0x73be0000 - 0x73c31000 C:\Windows\system32\WINSPOOL.DRV
0x74220000 - 0x74232000 C:\Windows\system32\MPR.dll
0x75340000 - 0x753a0000 C:\Windows\system32\IMM32.DLL
0x76ff0000 - 0x770bc000 C:\Windows\syswow64\MSCTF.dll
0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
0x73670000 - 0x736a2000 C:\Windows\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 C:\Program Files (x86)\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\Program Files (x86)\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14c000 C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x73c40000 - 0x73dde000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
0x73900000 - 0x73980000 C:\Windows\system32\uxtheme.dll
0x6d7e0000 - 0x6d7ef000 C:\Program Files (x86)\Java\jre6\bin\zip.dll
0x6d420000 - 0x6d426000 C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files (x86)\Java\jre6\bin\deploy.dll
0x76c60000 - 0x76d7d000 C:\Windows\syswow64\CRYPT32.dll
0x76c20000 - 0x76c2c000 C:\Windows\syswow64\MSASN1.dll
0x75950000 - 0x75a6a000 C:\Windows\syswow64\WININET.dll
0x77b90000 - 0x77b93000 C:\Windows\syswow64\Normaliz.dll
0x76900000 - 0x76ab8000 C:\Windows\syswow64\iertutil.dll
0x75b10000 - 0x75c20000 C:\Windows\syswow64\urlmon.dll
0x6d6a0000 - 0x6d6e6000 C:\Program Files (x86)\Java\jre6\bin\regutils.dll
0x735d0000 - 0x735d9000 C:\Windows\system32\VERSION.dll
0x6d600000 - 0x6d613000 C:\Program Files (x86)\Java\jre6\bin\net.dll
0x76f60000 - 0x76f95000 C:\Windows\syswow64\WS2_32.dll
0x76ac0000 - 0x76ac6000 C:\Windows\syswow64\NSI.dll
0x72610000 - 0x7264c000 C:\Windows\system32\mswsock.dll
0x714f0000 - 0x714f6000 C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000 C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x73650000 - 0x73663000 C:\Windows\system32\DWMAPI.DLL
0x6d230000 - 0x6d27f000 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
0x728c0000 - 0x728c8000 C:\Windows\system32\Secur32.dll
0x724b0000 - 0x724f4000 C:\Windows\system32\dnsapi.DLL
0x72460000 - 0x7247c000 C:\Windows\system32\iphlpapi.DLL
0x725a0000 - 0x725a7000 C:\Windows\system32\WINNSI.DLL
0x72600000 - 0x72605000 C:\Windows\System32\wshtcpip.dll
0x72480000 - 0x724a1000 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
0x72410000 - 0x72416000 C:\Windows\system32\rasadhlp.dll
0x72420000 - 0x72458000 C:\Windows\System32\fwpuclnt.dll
0x6d510000 - 0x6d535000 C:\Program Files (x86)\Java\jre6\bin\jsound.dll
0x6d540000 - 0x6d548000 C:\Program Files (x86)\Java\jre6\bin\jsoundds.dll
0x71010000 - 0x71082000 C:\Windows\system32\DSOUND.dll
0x720d0000 - 0x720f5000 C:\Windows\system32\POWRPROF.dll
0x75590000 - 0x7572d000 C:\Windows\syswow64\SETUPAPI.dll
0x76c30000 - 0x76c57000 C:\Windows\syswow64\CFGMGR32.dll
0x76e90000 - 0x76ea2000 C:\Windows\syswow64\DEVOBJ.dll
0x72bb0000 - 0x72be9000 C:\Windows\system32\MMDevAPI.DLL
0x72ab0000 - 0x72ba5000 C:\Windows\system32\PROPSYS.dll
0x70700000 - 0x70730000 C:\Windows\system32\wdmaud.drv
0x72100000 - 0x72104000 C:\Windows\system32\ksuser.dll
0x71220000 - 0x71227000 C:\Windows\system32\AVRT.dll
0x72a70000 - 0x72aa6000 C:\Windows\system32\AUDIOSES.DLL
0x6ec10000 - 0x6ec18000 C:\Windows\system32\msacm32.drv
0x6cf70000 - 0x6cf84000 C:\Windows\system32\MSACM32.dll
0x6ec20000 - 0x6ec27000 C:\Windows\system32\midimap.dll
0x75730000 - 0x757b3000 C:\Windows\syswow64\CLBCatQ.DLL
0x6d440000 - 0x6d465000 C:\Program Files (x86)\Java\jre6\bin\jpeg.dll
0x72780000 - 0x72796000 C:\Windows\system32\CRYPTSP.dll
0x72740000 - 0x7277b000 C:\Windows\system32\rsaenh.dll
0x725f0000 - 0x72600000 C:\Windows\system32\NLAapi.dll
0x725e0000 - 0x725f0000 C:\Windows\system32\napinsp.dll
0x725c0000 - 0x725d2000 C:\Windows\system32\pnrpnsp.dll
0x725b0000 - 0x725b8000 C:\Windows\System32\winrnr.dll
0x768f0000 - 0x768f5000 C:\Windows\system32\PSAPI.DLL

VM Arguments:
jvm_args: -D__jvm_launched=8971260643 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Xmx128m -Dsun.plugin2.jvm.args=-D__jvm_launched=8971260643 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- -- -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4216_pipe3,read_pipe_name=jpi2_pid4216_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
USERNAME=Owner
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows 7 , 64 bit Build 7601 Service Pack 1

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 23 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 4158552k(2617260k free), swap 8315256k(6626460k free)

vm_info: Java HotSpot™ Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)

time: Wed Nov 09 20:50:04 2011
elapsed time: 1103 seconds
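The report above names its "problematic frame" as a bare address, `C 0xe96d0e80`, with no module behind it, and HotSpot itself says the crash happened in native code outside the JVM. The first thing an analyst does with such a log is check that PC against the `Dynamic libraries` map: is it inside any loaded DLL, and where do the callers on the native stack sit? The script below is an added example for this thread, not JDK tooling and not code from either poster. It parses the crash header, the `Native frames:` block and the module list, resolves each frame to an absolute address, and says whether the faulting PC is backed by any module. The sample input is a constructed excerpt of the log posted above, trimmed to the lines the parser consumes. The `USER_LIMIT_32` threshold is an assumption about a 32-bit process not linked large-address-aware, used only as a heuristic flag.

```python
"""Attribute the faulting PC and native frames of a HotSpot hs_err log to the
process's loaded-module map. Added example for this thread, not JDK code."""
import re
from typing import NamedTuple, Optional

class Module(NamedTuple):
    start: int   # base address (inclusive)
    end: int     # end address (exclusive)
    path: str

class Frame(NamedTuple):
    addr: int              # absolute PC of the frame
    module: Optional[str]  # containing module path, or None if unmapped
    symbol: str            # nearest export as HotSpot printed it, or "?"

# Assumption: a 32-bit process without /LARGEADDRESSAWARE gets the default
# 2 GB user range, so a PC at or above this is not even a valid user address.
USER_LIMIT_32 = 0x80000000

_MODULE_RE = re.compile(r"^0x([0-9a-f]+)\s+-\s+0x([0-9a-f]+)\s+(.+?)\s*$", re.I)
_PC_RE = re.compile(r"\bpc=0x([0-9a-f]+)", re.I)
_MODFRAME_RE = re.compile(r"^C\s+\[([^\]+]+)\+0x([0-9a-f]+)\]\s+(\S+)", re.I)
_BAREFRAME_RE = re.compile(r"^C\s+0x([0-9a-f]+)\s*$", re.I)

def _section(text, header):
    """Yield stripped lines after `header` up to the first blank line."""
    started = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(header):
            started = True
        elif started and not line:
            return
        elif started:
            yield line

def parse_modules(text):
    """Read the 'base - end path' lines under 'Dynamic libraries:'."""
    mods = []
    for line in _section(text, "Dynamic libraries:"):
        m = _MODULE_RE.match(line)
        if m:
            mods.append(Module(int(m[1], 16), int(m[2], 16), m[3]))
    return mods

def find_module(mods, addr):
    return next((m for m in mods if m.start <= addr < m.end), None)

def module_by_name(mods, name):
    name = "\\" + name.lower()
    return next((m for m in mods if m.path.lower().endswith(name)), None)

def faulting_pc(text):
    m = _PC_RE.search(text)
    return int(m[1], 16) if m else None

def native_frames(text, mods):
    """Turn the 'Native frames:' block into absolute, module-attributed PCs."""
    frames = []
    for line in _section(text, "Native frames:"):
        m = _MODFRAME_RE.match(line)
        if m:  # "[USER32.dll+0x162fa] sym+0x..." -> module base + offset
            mod = module_by_name(mods, m[1])
            addr = (mod.start if mod else 0) + int(m[2], 16)
            frames.append(Frame(addr, mod.path if mod else None, m[3]))
            continue
        m = _BAREFRAME_RE.match(line)
        if m:  # HotSpot found no module for this PC; check the map ourselves
            addr = int(m[1], 16)
            mod = find_module(mods, addr)
            frames.append(Frame(addr, mod.path if mod else None, "?"))
    return frames

def triage(text):
    """Summarise where the faulting PC sits relative to the module map."""
    mods = parse_modules(text)
    pc = faulting_pc(text)
    owner = find_module(mods, pc)
    return {
        "pc": pc,
        "module": owner.path if owner else None,
        "above_all_modules": pc >= max(m.end for m in mods),
        "outside_32bit_user_range": pc >= USER_LIMIT_32,
        "frames": native_frames(text, mods),
    }

# Constructed excerpt of the crash report posted above: just the lines the
# parser consumes, copied from that log.
SAMPLE = r"""
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xe96d0e80, pid=2328, tid=4636
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0xe96d0e80
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\java.exe
0x77bc0000 - 0x77d40000 C:\Windows\SysWOW64\ntdll.dll
0x770c0000 - 0x771c0000 C:\Windows\syswow64\USER32.dll
0x6d7f0000 - 0x6da9f000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll

VM Arguments:
"""
```

For this log `triage(SAMPLE)` reports no owning module for `0xe96d0e80`; the address lies above every mapped DLL and above the 32-bit user range, while every caller resolves into USER32's message dispatch (`DispatchMessageW` down to `gapfnScSendMessage`, which is the AWT-Windows thread's `WToolkit.eventLoop` pumping messages). That matches the stack dump, where `770d62fa` (USER32 base `0x770c0000` + `0x162fa`) appears as a return address. The log therefore shows a dispatch into memory nothing was mapped at, consistent with a stale or corrupted window-procedure or hook pointer; it cannot name the code that supplied that pointer, which needs a debugger attached or a full dump rather than an hs_err file.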

#57 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 23 November 2011 - 03:47 PM

Hello MARIANNE97

You may need to seek assistance in our Windows forum for the Java error (I'll point you in the right direction in due course), but for now let's continue:

  • P2P Programs:


    • P2P programs are a major source of Malware infections.
    • From your log I see you have Ares 2.1.7 and FrostWire 5.1.3. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • You would certainly be doing yourself a favour by removing these programs.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "Ares 2.1.7" and "FrostWire 5.1.3" programs, click on them once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.


      PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  • Please un-install MediaBar


    • Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "MediaBar" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

    Did you knowingly set your start and search pages to downloads.phpnuke.org?

    Web Of Trust lists this site as having a somewhat mixed reputation (see user comments): http://www.mywot.com...ads.phpnuke.org

    Let me know when you have uninstalled the programs mentioned above and let me know about the search page in your next reply :)

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#58 MARIANNE97

MARIANNE97

    Authentic Member

  • Authentic Member
  • 36 posts

Posted 25 November 2011 - 01:09 AM

Hi Jontom :)

(Java) Ok, sounds great... I did uninstall the Java on machine 1 and reinstalled it using the link that you provided here... I will have to check on it to see if it has fixed the problem, but I appreciate you directing me to the right place when we have finished :)

Machine 3 is my teen daughter's computer and I have told her about those kinds of sites... I hope she understands now how devastating they can be with the malware. I have uninstalled the sites and I let her know that if she wants to keep her computer she should not download them again. I also uninstalled MediaBar. As for downloads.phpnuke.org, I asked her about it and she said she has no idea what that is, so I would say no to that question :)

Thank you

#59 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 25 November 2011 - 12:03 PM

Hello MARIANNE

I will have to check on it to see if it has fixed the problem

Please do (and let me know).

I also uninstalled mediabar

:thumbup:

As for downloads.phpnuke.org I asked her about it and she said she has no idea what that is so I would say no to that question

We'll take care of that below:

  • Please make a backup of your Registry


    • The following fix requires altering your Windows Registry. Therefore we need to back it up in case we run into problems:
    • Download ERUNT to your Desktop (Right click the link, select "Save Link/Target As"..., select your Desktop and press Save).
    • Right click erunt.zip, choose "Extract All…" and follow the prompts to unzip the program.
    • Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
    • Click OK for all the prompts to back up your registry to the default location.
    • Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.

    You should still have OTM on your desktop:

  • OTM


    • Right click on the OTM.exe icon and choose Run As Administrator to run the program.
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.google.com/"
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"
    "Search Page"="http://www.google.com/"
    
    :Commands
    [Purity]
    [EmptyTemp]
    [Emptyflash]
    [Reboot]


    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM.
    • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please post the OTM log in your next reply along with a new DDS.txt log.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom
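The two steps above, back up the registry and then let OTM write the `:Reg` section, invite a small check that a practitioner would want around them: know exactly which keys the script will touch, export those keys before the change (a lighter complement to the full-hive ERUNT backup, not a replacement), and afterwards confirm from OTM's own log that each value was reported as set, rather than eyeballing it. The script below is an added example for this thread, not OTM's or ERUNT's code. It relies on two formats visible on this page: the `:Reg` section uses `.reg`-file syntax (`[KEY]` then `"name"="data"`), and OTM's result log reports each value as `KEY\\"name"|"data" /E : value set successfully!`, as in the reply that follows. The sample input is that script and those log lines, embedded here; `C:\RegBackup` is an assumed, arbitrary output folder.

```python
"""Check an OTM ':Reg' fix script against the OTM result log. Added example
for this thread, not OTM's own code; the script and log formats are taken
from the posts on this page."""
import re
from typing import NamedTuple

class RegValue(NamedTuple):
    key: str    # full key path in HKEY_... form
    name: str   # value name
    data: str   # string data (the script here only sets REG_SZ URLs)

# [HKEY_...\path] and "name"="data" lines, as in a .reg file
_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# OTM result line: KEY\\"name"|"data" /E : value set successfully!
_LOG_RE = re.compile(r'^(HKEY_[A-Z_]+\\.+?)\\\\"([^"]+)"\|"(.*)"\s+/E\s*:\s*(.+)$')

def parse_reg_section(script):
    """Return the values the :Reg section asks OTM to write, in order."""
    values, key, in_reg = [], None, False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # :Reg, :Commands, ... open a section
            in_reg, key = line.lower() == ":reg", None
            continue
        if not in_reg or not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m[1]
            continue
        m = _VALUE_RE.match(line)
        if m and key:
            values.append(RegValue(key, m[1], m[2]))
    return values

def backup_commands(values, out_dir=r"C:\RegBackup"):
    """reg.exe export for each key the script touches, so the edit can be
    reverted. out_dir is an assumed location, not one used on the page."""
    cmds, seen = [], set()
    for v in values:
        if v.key not in seen:
            seen.add(v.key)
            fname = re.sub(r"[^A-Za-z0-9]+", "_", v.key).strip("_") + ".reg"
            cmds.append(f'reg export "{v.key}" "{out_dir}\\{fname}"')
    return cmds

def parse_otm_log(log):
    """Map (key, name) -> (data, status) from the REGISTRY part of an OTM log."""
    results = {}
    for raw in log.splitlines():
        m = _LOG_RE.match(raw.strip())
        if m:
            results[(m[1], m[2])] = (m[3], m[4])
    return results

def reconcile(script, log):
    """Per requested value: 'set', 'missing', 'data mismatch' or 'failed: ...'."""
    results = parse_otm_log(log)
    report = {}
    for v in parse_reg_section(script):
        got = results.get((v.key, v.name))
        if got is None:
            status = "missing"
        elif got[0] != v.data:
            status = "data mismatch"
        elif "successfully" in got[1].lower():
            status = "set"
        else:
            status = "failed: " + got[1]
        report[(v.key, v.name)] = status
    return report

# Sample input: the fix script from the post above and the matching lines
# of the OTM log from the reply that follows it.
SCRIPT = r"""
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com/"

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Reboot]
"""

LOG = r"""
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"http://www.google.com/" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.com/" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"http://www.google.com/" /E : value set successfully!
========== COMMANDS ==========
"""
```

`backup_commands(parse_reg_section(SCRIPT))` yields one `reg export` per distinct key (two here), to be run in an elevated prompt before OTM; `reconcile(SCRIPT, LOG)` returns `set` for all three values for the log on this page, and would report `missing` or `data mismatch` if a line were absent or the data written differed from what the script asked for, which is the case worth catching when a hijacker rewrites the page values again between the fix and the reboot.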

#60 MARIANNE97

MARIANNE97

    Authentic Member

  • Authentic Member
  • 36 posts

Posted 01 December 2011 - 01:45 AM

Hi Jontom :) I know it has been a while again, but I've been very busy with things and trying to snatch my daughter's computer in the meantime. There is still a problem with the Java on machines 1 and 3, so I will let you direct me to the right place when the time comes :)

I ran ERUNT, OTM and DDS. I will post the log files below. Thank you


(OTM LOGFILE)

All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"http://www.google.com/" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.com/" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"http://www.google.com/" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 1868 bytes
->Temporary Internet Files folder emptied: 59420576 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 513 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12012011_022522

Files moved on Reboot...
File C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




(DDS LOGFILE; the other log is an attachment)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 2:33:57 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2627 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\notepad.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com/
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2375942554836343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2716D616461613 : DhcpNameServer = 172.20.101.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\2716D616461643 : DhcpNameServer = 172.20.100.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\C696E6B6379737 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36CA91B0-38FB-4A05-8396-A3A04EE10E99}\E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{399750A3-2199-4CD7-B1A2-75CC24B9A1F7} : DhcpNameServer = 168.94.0.15 168.94.0.14
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs:
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-14 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-23 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-01 07:29:19 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2011-11-29 04:50:07 -------- d-----w- C:\Program Files (x86)\Ulead Systems
2011-11-29 04:48:54 -------- d-----w- C:\Windows\Noslip
2011-11-20 19:44:27 -------- d-----w- C:\_OTM
2011-11-19 20:03:03 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-09 06:09:02 -------- d-----w- C:\ProgramData\Ask
2011-11-08 22:49:12 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 22:49:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 22:49:11 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 22:49:11 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-11-29 04:40:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 19:46:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-10-06 01:43:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-06 01:43:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 2:37:06.31 ===============
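An added triage helper for logs in the format posted above. It is example code written for this thread, not part of the original post and not part of the DDS tool or of the helper's procedure. It parses the `BHO:`/`TB:` lines, the `uRun:`/`mRun:` lines and the `R0`..`S3` service/driver lines and flags what a malware-removal helper looks at first: browser extensions that point at no file (orphaned CLSIDs), autostart entries whose image lives in a user-writable location such as ProgramData or AppData, kernel drivers loaded from outside `\Windows\system32\drivers`, and entries where DDS printed `[?]` instead of a date and size. The sample block is a subset of lines copied from the log above; the scoring rules and the finding names are this example's own heuristics, not a verdict on any entry.

```python
"""Triage the autostart sections of a DDS log (example code, not the DDS tool).

Flags entries a malware-removal helper would review first. The rules are
heuristics: a flagged line is a lead to check, not proof of infection.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the log posted above (a subset, used as constructed input).
SAMPLE = r"""
BHO: MRI_DISABLED - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-14 14904]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 136176]
"""

# Line shapes as they appear in the Pseudo HJT and SERVICES / DRIVERS sections.
BHO_RE = re.compile(r"^[um]?(?:BHO|TB)(?:-X64)?:\s*(?P<body>.*)$")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$", re.I)
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Image path of a Run value: either the quoted first token or everything up to
# the first executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|sys|cpl|scr))\b', re.I)
# Locations a standard user can write to; autostarts here deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|AppData|Users|Temp)\\", re.I)
SYS_DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Finding:
    kind: str   # which heuristic fired
    line: str   # the original log line


def run_image(cmd: str) -> str:
    """Return the executable path from a Run value, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def service_path(rest: str) -> str:
    """Return the image path from the tail of a service/driver line."""
    path = rest.split(" --> ")[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):      # NT object-manager prefix seen on some drivers
        path = path[4:]
    return path


def triage(text: str) -> list:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := BHO_RE.match(line)):
            # "- No File" means the CLSID is registered but its DLL is gone.
            if m.group("body").rsplit(" - ", 1)[-1].strip().lower() == "no file":
                findings.append(Finding("orphaned_browser_extension", line))
            continue
        if (m := RUN_RE.match(line)):
            if USER_WRITABLE_RE.search(run_image(m.group("cmd"))):
                findings.append(Finding("autostart_from_user_writable_dir", line))
            continue
        if (m := SVC_RE.match(line)):
            rest = m.group("rest")
            path = service_path(rest)
            # "[?]" means DDS could not read the file's date/size. On 64-bit
            # Windows this is routinely a 32-bit tool hitting file-system
            # redirection, so by itself it is not evidence of tampering.
            if rest.rstrip().endswith("[?]"):
                findings.append(Finding("file_details_unavailable", line))
            if path.lower().endswith(".sys") and SYS_DRIVER_DIR not in path.lower():
                findings.append(Finding("driver_outside_system32_drivers", line))
            if USER_WRITABLE_RE.search(path):
                findings.append(Finding("service_from_user_writable_dir", line))
    return findings


def summary(findings: list) -> dict:
    """Count findings per heuristic."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"{f.kind:36} {f.line}")
    print(summary(results))
```

Run it against a full DDS log by reading the file into `triage()`; the per-rule counts from `summary()` tell you where to start, and the `[?]` rule is there only so those entries are not mistaken for a finding in their own right.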