
Trojan Infection (Vista PC)

2.4K views, 0 replies, 1 participant, last post by mg555
Good afternoon gentlemen (and ladies),
My supervisor's PC has a trojan infection, and I offered to help him rid it of its malware. I sought help from the forums a long while back, and remember the effectiveness of the process (and am very grateful for the help!).
I am unaware of where the trojan is, but I have followed the instructions as best I can -- I removed "LimeWire", which was on the PC, and uninstalled all anti-virus software except for "avast! antivirus."
I have the DDS.txt and Attach.txt files from DDS.scr; however, I have had problems with GMER.exe. I have now BSOD'd twice in a row midway through GMER.exe's scan (with Sections, IAT/EAT and everything else prescribed unchecked), and now it says "GMER.exe has stopped working" the moment I try opening it.
I will attach what I do have, in the appropriate format, and am eager to do whatever steps are necessary. Thank you very much for your help!


Here is the DDS.txt Log:



DDS (Ver_09-06-26.01) - NTFSx86
Run by xavier at 15:49:57.14 on Wed 07/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3060.1385 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\V0400Mon.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BillProduction\Bill Redirect Serial COM Port to Keyboard Buffer\Bill_Redirect_Serial_to_KB.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\xavier\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Sycom Technologies
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [c:\windows\system32\v0400cvw.dll] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0400Cvw.dll
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
StartupFolder: c:\users\xavier\appdata\roaming\micros~1\windows\startm~1\programs\startup\eyemax~1.lnk - c:\dvr\capture.exe
StartupFolder: c:\users\xavier\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bill_r~1.lnk - c:\program files\billproduction\bill redirect serial com port to keyboard buffer\Bill_Redirect_Serial_to_KB.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: NoDisconnect = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} - hxxp://10.10.13.203/webdvr3.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\0dt8cvej.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\xavier\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\0dt8cvej.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-1 114768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-1 51792]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-6 35691]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2009-6-3 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-22 47640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-8-19 179712]
R3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-1-21 142656]
R3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-1-21 7424]
R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-1-21 166720]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S2 gupdate1c9f66d2628579c;Google Update Service (gupdate1c9f66d2628579c);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-12-2 84832]

=============== Created Last 30 ================

2009-07-08 15:41 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 16:08 <DIR> --d----- c:\program files\RegistryFix7
2009-07-06 13:00 <DIR> --d----- c:\users\xavier\appdata\roaming\Blackberry Desktop
2009-07-06 12:57 <DIR> --d----- c:\users\xavier\appdata\roaming\Research In Motion
2009-07-01 17:33 192,000 a------- c:\windows\system32\trz6165.tmp
2009-07-01 17:06 89,600 a------t c:\windows\system32\NetProj.exeFFD115DF
2009-07-01 17:06 111,104 a------- c:\windows\system32\NetProj.exe.CABB36F01674EA64
2009-07-01 11:34 <DIR> --d----- c:\program files\iPod
2009-07-01 11:34 <DIR> --d----- c:\program files\iTunes
2009-07-01 11:09 <DIR> --d----- c:\users\xavier\appdata\roaming\DriverCure
2009-07-01 11:09 <DIR> --d----- c:\programdata\DriverCure
2009-07-01 11:09 <DIR> --d----- c:\progra~2\DriverCure
2009-07-01 11:07 <DIR> --d----- c:\users\xavier\appdata\roaming\ParetoLogic
2009-07-01 11:06 <DIR> --d----- c:\programdata\ParetoLogic
2009-07-01 11:06 <DIR> --d----- c:\progra~2\ParetoLogic
2009-07-01 11:06 <DIR> --d----- c:\program files\ParetoLogic
2009-07-01 11:06 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-01 11:06 <DIR> --d----- c:\programdata\Downloaded Installations
2009-07-01 11:06 <DIR> --d----- c:\progra~2\Downloaded Installations
2009-07-01 10:27 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-30 16:47 0 a--shr-- C:\$lsdrive$
2009-06-30 16:47 0 a--shr-- C:\$dwnlvldrive$
2009-06-30 16:47 0 a--shr-- C:\$bootdrive$
2009-06-30 16:26 <DIR> --d----- C:\$WINDOWS.~LS
2009-06-30 16:24 <DIR> --d----- C:\$UPGRADE.~OS
2009-06-30 16:21 29,754 a------t C:\_wdsuef.dmp
2009-06-30 16:19 2 a--shr-- C:\$drvmig$
2009-06-30 16:14 1,905 a------- c:\windows\diagerr.xml
2009-06-30 16:14 1,887 a------- c:\windows\diagwrn.xml
2009-06-26 10:49 <DIR> --d----- c:\program files\common files\xing shared
2009-06-25 10:41 <DIR> --d----- c:\programdata\CyberLink
2009-06-25 10:39 <DIR> --d----- C:\DellMPv3.1.1
2009-06-25 10:38 20,480 a------- c:\windows\system32\drivers\omci.sys
2009-06-25 10:33 <DIR> --d----- C:\Intel
2009-06-24 17:09 <DIR> --d----- C:\WHAT
2009-06-24 16:40 <DIR> --d----- c:\programdata\Ahead
2009-06-24 16:38 <DIR> --d----- c:\programdata\Nero
2009-06-24 16:38 <DIR> --d----- c:\progra~2\Nero
2009-06-11 12:17 1,655 a------- C:\BillProduction.CFG.zip
2009-06-10 15:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 15:09 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 15:08 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-07-07 16:56 1,660 a------- c:\windows\bthservsdp.dat
2009-07-06 13:13 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-06 13:13 51,200 a------- c:\windows\inf\infpub.dat
2009-07-06 13:13 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 11:17 6,144 a--sh--- c:\windows\system32\ss.drv
2009-05-15 13:35 69,616 a------- c:\windows\system32\drivers\MpFilter.sys
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-13 11:16 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-13 11:16 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-21 14:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:50:17.08 ===============




* AGAIN, the ATTACH.zip ONLY has the ATTACH.txt file from DDS.scr; it does NOT have ARK.txt, due to the complications with GMER.exe! *
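A first triage pass over a DDS log of the kind pasted above, as an added example that is not part of the original post and not DDS's own code: it splits the log into its `=== section ===` blocks, parses the `Created Last 30` / `Find3M` file entries, and applies a few generic heuristics a responder checks before asking for further logs (UAC turned off, a Run key with no name, a non-default search URL, an ActiveX download from a raw IP, and system32 files that are hidden+system, carry an appended hex suffix, or are non-empty `.tmp` files). The sample input is constructed from lines quoted in the post; the rule names, the "default search host" allowlist and the attribute-flag interpretation are this example's own assumptions, and every finding is a prompt to verify the file or setting by hand, not a verdict that it is malicious.

```python
"""Triage heuristics for a DDS.scr log (added example; not the DDS tool's code)."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of lines quoted in the post above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} - hxxp://10.10.13.203/webdvr3.cab

=============== Created Last 30 ================

2009-07-01 17:33 192,000 a------- c:\windows\system32\trz6165.tmp
2009-07-01 17:06 89,600 a------t c:\windows\system32\NetProj.exeFFD115DF
2009-07-01 11:34 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-08 11:17 6,144 a--sh--- c:\windows\system32\ss.drv
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini

============= FINISH: 15:50:17.08 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size|<DIR>> <8 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$"
)
# e.g. NetProj.exeFFD115DF or NetProj.exe.CABB36F01674EA64
HEX_SUFFIX_RE = re.compile(r"\.(?:exe|dll|sys)\.?[0-9A-F]{6,}$")
URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
# Assumption of this example: hosts treated as an unremarkable search default.
DEFAULT_SEARCH_HOSTS = ("google.com", "bing.com", "live.com")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def parse_file_entries(lines):
    """Yield (timestamp, size or None for <DIR>, flags, path) from file-listing lines."""
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ts, size, flags, path = m.groups()
        yield ts, (None if size == "<DIR>" else int(size.replace(",", ""))), flags, path


def triage(text):
    """Return a list of (rule, detail) review prompts; nothing here is a verdict."""
    sections = parse_sections(text)
    findings = []

    for line in sections.get("Pseudo HJT Report", []):
        if re.match(r"^[um]Run: \[<NO NAME>\]", line):
            findings.append(("run-key-no-name", line))
        if "EnableLUA = 0" in line:                      # UAC disabled by policy
            findings.append(("uac-disabled", line))
        if line.startswith(("uSearchURL", "mSearchURL")):
            host = URL_HOST_RE.search(line)
            if host and not host.group(1).lower().endswith(DEFAULT_SEARCH_HOSTS):
                findings.append(("search-url-nondefault", host.group(1)))
        if line.startswith("DPF:"):                      # ActiveX download source
            host = URL_HOST_RE.search(line)
            if host and re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host.group(1)):
                findings.append(("activex-from-raw-ip", host.group(1)))

    for section in ("Created Last 30", "Find3M"):
        for _ts, size, flags, path in parse_file_entries(sections.get(section, [])):
            if size is None:                             # directories: skip
                continue
            in_system32 = "\\windows\\system32\\" in path.lower()
            name = path.rsplit("\\", 1)[-1]
            # Assumption: 's' and 'h' in the flag string mean system + hidden.
            if in_system32 and "s" in flags and "h" in flags:
                findings.append(("hidden-system-file-in-system32", path))
            if in_system32 and HEX_SUFFIX_RE.search(name):
                findings.append(("exe-with-hex-suffix", path))
            if in_system32 and name.lower().endswith(".tmp") and size > 0:
                findings.append(("tmp-in-system32", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Each rule fires at most once per line, so the output is a short list to walk through with the poster: which entries are expected on that machine (the DVR ActiveX control on an internal address, for instance, may be legitimate) and which need the file submitted for analysis.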