Computer freezes during virus/malware scan please help.


SikOrSky12

My computer always freezes during a virus/malware scan (full system scan only); all the other scans, like smart scan etc., work. I have used different malware and virus scanners like IObit Security 360, BitDefender, and Malwarebytes Anti-Malware, and all of them freeze my computer during a full system scan.

I followed Dave's steps on this topic:
http://www.geekstogo...an-t255131.html

and here are the log files:

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 13:57:33
Windows 6.0.6002 Service Pack 2
Running: ghnzn078.exe; Driver: C:\Users\Timothy\AppData\Local\Temp\fwtdrfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021860371bc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021860371bc (not active ControlSet)

---- EOF - GMER 1.0.15 ----

ComboFix:

ComboFix 10-07-10.01 - Timothy 11/07/2010 14:52:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1014.250 [GMT 10:00]
Running from: c:\users\Timothy\Desktop\cf.com
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 05:03 . 2010-07-11 05:07 -------- d-----w- c:\users\Timothy\AppData\Local\temp
2010-07-11 05:03 . 2010-07-11 05:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-11 04:13 . 2010-07-11 22:48 -------- d-----w- C:\cf
2010-07-09 14:20 . 2010-07-09 14:20 -------- d-----w- c:\program files\FileHippo.com
2010-07-09 10:56 . 2010-07-09 10:56 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
2010-07-09 10:55 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 10:55 . 2010-07-09 10:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:55 . 2010-07-09 10:55 -------- d-----w- c:\programdata\Malwarebytes
2010-07-09 10:55 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 10:47 . 2010-07-09 10:49 -------- d-----w- c:\users\Timothy\AppData\Roaming\QuickScan
2010-07-09 06:08 . 2010-07-09 06:08 -------- d-----w- c:\windows\system32\VIRepair
2010-07-07 05:44 . 2010-07-09 06:48 -------- d-----w- c:\programdata\BitDefender
2010-07-07 05:44 . 2010-07-07 05:45 -------- d-----w- c:\users\Timothy\AppData\Roaming\BitDefender
2010-07-07 05:41 . 2010-07-09 06:48 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-05 15:40 . 2009-11-29 17:03 360499 ----a-w- c:\windows\system32\viwc.exe
2010-07-05 15:40 . 2009-09-09 11:19 146412 ------w- c:\windows\system32\vilaunch.exe
2010-07-05 15:39 . 2010-07-09 06:08 -------- d-----w- c:\windows\system32\VITrans
2010-07-05 15:39 . 2010-07-05 15:41 -------- d-----w- C:\VTPFiles
2010-07-05 15:39 . 2006-12-03 07:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2010-07-05 15:39 . 2006-12-03 07:15 19968 ----a-w- c:\windows\system32\reico.exe
2010-07-05 15:39 . 2006-12-03 07:15 69632 ----a-w- c:\windows\system32\moveex.exe
2010-07-05 15:39 . 2006-12-03 07:14 8636 ----a-w- c:\windows\system32\modifype.exe
2010-07-05 15:39 . 2004-11-27 09:00 94208 ----a-w- c:\windows\system32\pskill.exe
2010-07-05 15:06 . 2009-03-23 07:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2010-06-26 04:15 . 2009-11-08 00:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-26 04:15 . 2009-11-08 00:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-26 04:15 . 2009-11-08 00:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-26 04:15 . 2009-11-08 00:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-26 04:15 . 2009-11-08 00:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 07:55 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-25 07:55 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 04:30 . 2010-06-23 04:30 -------- d-----w- c:\users\Timothy\AppData\Roaming\Template
2010-06-15 08:44 . 2010-05-31 18:58 6638080 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
2010-06-15 08:44 . 2009-09-15 19:19 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2055-09-19 06:29 . 2009-09-19 06:00 2012 ----a-w- c:\windows\system32\NAV_75_cltDynam.dat
2010-07-11 05:06 . 2010-06-02 08:44 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-11 05:04 . 2008-04-29 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-09 14:38 . 2010-04-17 05:20 -------- d-----w- c:\users\Timothy\AppData\Roaming\HpUpdate
2010-07-09 14:20 . 2010-04-17 02:21 103264 ----a-w- c:\users\Timothy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 07:27 . 2010-04-20 07:41 -------- d-----w- c:\programdata\IObit
2010-07-09 07:27 . 2010-04-18 05:41 -------- d-----w- c:\program files\IObit
2010-07-09 07:13 . 2007-06-28 07:39 -------- d-----w- c:\programdata\Roxio
2010-07-09 07:13 . 2007-06-28 07:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-09 07:13 . 2007-06-28 07:36 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-09 07:04 . 2007-06-28 08:26 -------- d-----w- c:\program files\muvee Technologies
2010-07-09 07:02 . 2007-06-28 08:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-07-09 07:02 . 2007-06-28 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 07:00 . 2007-06-28 08:24 -------- d-----w- c:\program files\MediaRing
2010-07-09 06:02 . 2010-04-18 05:41 -------- d-----w- c:\users\Timothy\AppData\Roaming\IObit
2010-07-07 10:26 . 2010-05-16 08:29 -------- d-----w- c:\program files\Steam
2010-07-07 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-07 10:24 . 2010-05-16 07:53 -------- d-----w- c:\program files\Error Expert
2010-07-07 10:24 . 2010-04-18 05:39 -------- d-----w- c:\program files\DAP
2010-07-06 15:29 . 2010-05-09 00:35 -------- d-----w- c:\users\Timothy\AppData\Roaming\BitTorrent
2010-07-06 11:43 . 2010-04-18 05:32 -------- d-----w- c:\program files\CCleaner
2010-07-02 03:28 . 2010-04-18 06:42 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2010-06-26 04:17 . 2007-06-28 08:07 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:23 . 2007-06-28 08:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 07:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 12:41 . 2010-06-09 12:41 -------- d-----w- c:\users\Timothy\AppData\Roaming\vlc
2010-06-09 12:40 . 2010-06-09 12:40 -------- d-----w- c:\program files\VideoLAN
2010-06-08 12:25 . 2010-06-08 12:19 -------- d-----w- c:\program files\Autodesk
2010-06-08 12:24 . 2010-06-08 12:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-08 12:24 . 2010-06-08 12:19 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-08 12:21 . 2010-06-02 09:01 -------- d-----w- c:\programdata\Autodesk
2010-06-05 08:14 . 2010-06-02 09:01 -------- d-----w- c:\users\Timothy\AppData\Roaming\Autodesk
2010-06-05 04:28 . 2010-04-23 08:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 09:38 . 2010-06-02 09:38 -------- d-----w- c:\programdata\FLEXnet
2010-05-26 17:06 . 2010-06-10 04:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 04:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 20:24 . 2007-06-28 08:11 -------- d-----w- c:\programdata\CyberLink
2010-05-21 04:14 . 2010-04-17 02:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 07:13 . 2010-04-18 06:48 -------- d-----w- c:\programdata\NortonInstaller
2010-05-18 07:12 . 2010-04-18 06:48 -------- d-----w- c:\programdata\Norton
2010-05-18 07:12 . 2007-06-28 07:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-17 05:42 . 2007-06-28 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-16 08:47 . 2010-05-16 08:47 -------- d-----w- c:\program files\Common Files\Steam
2010-05-16 08:21 . 2010-05-16 08:21 -------- d-----w- c:\users\Timothy\AppData\Roaming\Tific
2010-05-16 08:03 . 2010-05-16 07:53 -------- d-----w- c:\users\Timothy\AppData\Roaming\ErrorExpert
2010-05-15 03:12 . 2007-06-28 08:09 -------- d-----w- c:\program files\Intel
2010-05-15 02:52 . 2010-05-09 02:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-15 02:52 . 2010-05-15 02:52 84480 ----a-w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-05-15 02:52 . 2010-05-09 02:32 -------- d-----w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab
2010-05-09 02:32 . 2010-05-09 02:32 85504 ----a-w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-04 05:59 . 2010-06-10 04:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 04:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 04:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 04:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 04:38 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:18 . 2010-04-29 19:18 57344 ----a-r- c:\windows\system32\XSIChooser.exe
2010-04-23 14:13 . 2010-05-26 07:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-18 13:05 . 2010-04-18 07:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-18 13:05 . 2010-04-18 07:01 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-18 04:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-18 01:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-18 01:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-17 14:05 . 2010-04-17 14:05 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-17 13:36 . 2010-04-17 13:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-17 13:36 . 2010-04-17 13:36 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-17 11:57 . 2010-04-17 11:57 23552 ----a-w- c:\windows\system32\lpk.dll
2010-04-17 11:57 . 2010-04-17 11:57 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-17 11:57 . 2010-04-17 11:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-17 11:57 . 2010-04-17 11:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-17 11:56 . 2010-04-17 11:56 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-04-17 11:56 . 2010-04-17 11:56 272896 ----a-w- c:\windows\system32\polstore.dll
2010-04-17 11:53 . 2010-04-17 11:53 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-17 11:53 . 2010-04-17 11:53 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-17 11:50 . 2010-04-17 11:50 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-17 11:50 . 2010-04-17 11:50 17920 ----a-w- c:\windows\system32\netevent.dll
2010-04-17 11:50 . 2010-04-17 11:50 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-17 11:50 . 2010-04-17 11:50 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-17 11:50 . 2010-04-17 11:50 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-17 11:50 . 2010-04-17 11:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-17 11:50 . 2010-04-17 11:50 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-17 11:50 . 2010-04-17 11:50 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-17 11:50 . 2010-04-17 11:50 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-17 11:47 . 2010-04-17 11:47 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-17 11:47 . 2010-04-17 11:47 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-17 11:47 . 2010-04-17 11:47 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-17 11:47 . 2010-04-17 11:47 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-17 11:47 . 2010-04-17 11:47 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-17 11:47 . 2010-04-17 11:47 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-17 11:47 . 2010-04-17 11:47 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-04-17 11:46 . 2010-04-17 11:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-04-17 11:46 . 2010-04-17 11:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-04-17 11:46 . 2010-04-17 11:46 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-04-17 11:46 . 2010-04-17 11:46 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-17 11:45 . 2010-04-17 11:45 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-17 11:45 . 2010-04-17 11:45 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-17 11:45 . 2010-04-17 11:45 9728 ----a-w- c:\windows\system32\lsass.exe
2010-04-17 11:45 . 2010-04-17 11:45 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-17 11:45 . 2010-04-17 11:45 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-17 11:45 . 2010-04-17 11:45 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-17 11:44 . 2010-04-17 11:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-04-18 2815488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,c1,a0,98,b0,de,ca,01

R2 .1209441276;1209441276;c:\program files\1209441276\Timothy1209441276L.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-09 86016]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-18 04:11]

2010-07-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-18 07:33]

2010-07-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-18 06:18]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3862905309-1287376007-1067990715-1000Core.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 03:04]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3862905309-1287376007-1067990715-1000UA.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 03:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=laptop
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 15:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3784)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-07-11 15:15:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 05:15
ComboFix2.txt 2010-07-11 04:38

Pre-Run: 104,399,327,232 bytes free
Post-Run: 104,119,783,424 bytes free

- - End Of File - - B84FE9DC109657FE7FF9CB28BB043A17


And I would also like to know what this log is and is

Scrambler:

"C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\un.package.exe" "C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe.scr" "C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe" "B"OVER
Direction:B
InputFile:C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe.scr
InputFile:C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe
OPEN-IN:The operation completed successfully.

OPEN-OUT:The operation completed successfully.

Opened Files!
READ:The operation completed successfully.

Reading
WRITE-OUT:The operation completed successfully.


And that is all, please help.