Tech Support Forum - View Single Post

Custom · 06-17-2009, 04:40 PM

Hello, I just installed a new antivirus and wanted to make sure the old didn't leave anything behind. The logs asked for are attached. Thank you. I run Avast! Home 4.8, and I know I only have IE 7, but I don't use it, only Firefox.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael at 18:05:37.65 on Wed 06/17/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1614 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\il35fyu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.live.com/
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npoctoshape.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-24 51792]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]

=============== Created Last 30 ================

2009-06-16 20:57 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-06-16 20:57 22,528 a------- c:\windows\system32\netiougc.exe
2009-06-16 20:53 <DIR> --d----- c:\programdata\CheckPoint
2009-06-16 20:53 <DIR> --d----- c:\progra~2\CheckPoint
2009-06-16 20:53 <DIR> --d----- c:\windows\Internet Logs
2009-06-16 20:38 <DIR> --d----- c:\users\michael\appdata\roaming\PeerNetworking
2009-06-16 19:26 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 18:56 <DIR> --d----- c:\users\michael\appdata\roaming\Malwarebytes
2009-06-16 18:56 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 18:56 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-16 18:56 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-16 18:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 18:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 09:44 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 09:44 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 09:44 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 09:43 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 09:43 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 18:04 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-06-11 18:04 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-06-11 18:04 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-06-11 18:04 <DIR> --d----- c:\program files\LG Electronics
2009-06-09 21:36 <DIR> --d----- c:\programdata\NortonInstaller
2009-06-09 21:36 <DIR> --d----- c:\progra~2\NortonInstaller
2009-06-09 21:33 <DIR> --d----- c:\users\michael\appdata\roaming\GetRightToGo
2009-06-04 16:50 <DIR> --d----- c:\program files\Microsoft
2009-06-04 16:49 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-04 16:47 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-04 16:47 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 16:39 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-02 16:20 <DIR> --d----- c:\programdata\Apple Computer
2009-05-29 18:01 32 a----r-- c:\programdata\hash.dat
2009-05-29 18:01 32 a----r-- c:\progra~2\hash.dat
2009-05-29 15:02 116,839 a------- c:\windows\hpqins00.dat
2009-05-27 12:50 299,008 a------- c:\windows\system32\TubeFinder.exe
2009-05-27 12:50 364,544 a------- c:\windows\system32\PropertyGrid.ocx
2009-05-27 12:50 208,500 a------- c:\windows\system32\ReyXpBasics.tlb
2009-05-27 12:50 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-05-27 12:50 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-05-27 12:50 84,512 a------- c:\windows\system32\PICCLP32.OCX
2009-05-27 12:50 9,728 a------- c:\windows\system32\PCCLPFR.DLL
2009-05-27 12:50 152,848 a------- c:\windows\system32\COMDLG32.OCX
2009-05-27 12:50 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-05-27 12:50 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-05-27 12:50 24,576 a------- c:\windows\system32\ControlSubX.ocx
2009-05-27 11:32 <DIR> --d----- c:\windows\Replay Converter 3
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 16:06 <DIR> --d----- c:\program files\Windows Media Components
2009-05-21 16:04 <DIR> --d----- c:\programdata\Ulead Systems
2009-05-21 15:57 <DIR> --d----- c:\program files\Corel

==================== Find3M ====================

2009-06-16 21:37 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-16 21:37 86,016 a------- c:\windows\inf\infstor.dat
2009-06-16 21:37 51,200 a------- c:\windows\inf\infpub.dat
2009-06-16 21:37 139,681 a------- c:\programdata\nvModes.dat
2009-06-16 21:37 139,681 a------- c:\progra~2\nvModes.dat
2009-05-31 19:50 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-05-09 19:15 34 a------- c:\users\michael\jagex_runescape_preferences.dat
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-01 16:34 137,421 a------- c:\windows\HPHins15.dat
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-26 15:26 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-29 19:57 262,144 a------- c:\progra~2\ntuser.dat
2008-12-29 09:58 0 a------- c:\users\michael\appdata\roaming\wklnhst.dat
2008-08-04 11:10 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18

02.04 ===============