Inactive Scans take over 5 to 7 hours

tammilee68 · 2012/04/10

[Inactive] Scans take over 5 to 7 hours

I have Avira Anti-Virus and run a scan every night on my computer, at first the scan took just a litle bit of time, now it can take up to 7 hours.
I also have Super Anti-spyware this also takes up to 5 hours a night to scan. I run them at different times because if I run them together it will slow my computer down to the point where I can't do anything else on it.

I have run the scans that this site says to run, but not sure when to post them.. one place it says to put the logs in right away, another says to wait. But I have the logs from these scans..
MBAM
GMER
MBRCheck
DDS(2 logs)

Thank you
Tammi

broni · 2012/04/10

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

There is no reason to run AV scan every day.
AV protection runs in real time so unless you see something wrong being with your computer leave those scans alone.

Post all logs right here.

Don't forget to let me know what's wrong with your computer.

tammilee68 · 2012/04/11

Hi Broni,
Thanks for letting me know that I only have to do the complete scan once a week, but should it still take 7 hours do it? Do you think it might be a problem with the anti-viirus programs or just an overall Computer promblem.. I had posted that I had quite a few problems and was told by Arie to start here. But I don't want to waste your time if you don't think it is the AV.
Thanks for any help..
Tammi

broni · 2012/04/11

I can't comment without seeing required logs.

AV scan may take a while depending on your hard drive size and number of files.

tammilee68 · 2012/04/11

The Logs

Broni,

I went to attach the logs and found out that,The GMER Scan Took 3 hours and the first time it ran the report would not save and when I re ran it; it just threw up a box that said "No Modifications have been made" I ran it twice with the same results. Should I restart everything over again?
Sorry to be such a problem..
Tammi

broni · 2012/04/11

You did fine.
Go ahead with other scans.

tammilee68 · 2012/04/11

The Logs (part 2 LOL)

Thanks Brondi,

Here are the logs that I have, Like I said I don't have a GMER one.

MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

4/10/2012 8:40:10 AM
mbam-log-2012-04-10 (08-40-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197560
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MBRCheck

tammilee68 · 2012/04/11

more logs

Sorry it posted before I could paste this one..

MBRCHECK

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 12:55:46
-----------------------------
12:55:46.682 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:46.682 Number of processors: 1 586 0x602
12:55:46.692 ComputerName: MIKE-PC UserName: Mike
12:55:48.839 Initialize success
12:56:13.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
12:56:13.932 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
12:56:13.963 Disk 0 MBR read successfully
12:56:13.963 Disk 0 MBR scan
12:56:13.979 Disk 0 unknown MBR code
12:56:13.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:56:13.994 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466705 MB offset 206848
12:56:14.041 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10131 MB offset 956018832
12:56:14.072 Disk 0 scanning C:\Windows\system32\drivers
12:56:23.665 Service scanning
12:56:48.867 Modules scanning
12:56:48.877 Disk 0 trace - called modules:
12:56:48.907 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:56:48.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800268f760]
12:56:49.247 3 CLASSPNP.SYS[fffff880019ca43f] -> nt!IofCallDriver -> [0xfffffa8001f62cb0]
12:56:49.257 5 ACPI.sys[fffff88000e1b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800216e9c0]
12:56:49.277 Scan finished successfully
13:00:01.248 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\help\MBR.dat "
13:00:01.263 The log file has been saved successfully to "C:\Users\Mike\Desktop\help\aswMBR.txt "

First DSS Log..
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 13:03:02 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.579 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
TB: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe "
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Letters%20from%20Nowhere/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Mystery%20of%20Mortlake%20Mansion/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.233.217.3 64.233.217.5
TCP: Interfaces\{5548AE38-75DF-4258-AE49-0A3A998B005C} : DhcpNameServer = 64.233.217.3 64.233.217.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Toolbar - Big Fish Games: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
BHO-X64: Toolbar - Big Fish Games - No File
BHO-X64: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
TB-X64: Toolbar - Big Fish Games: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-21 342480]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-21 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-21 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-10-21 463824]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-10 12:39:11 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-04-10 12:39:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 12:39:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 12:39:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 11:45:12 -------- d-----w- C:\Users\Mike\AppData\Local\SUPERSystemInspector
2012-04-10 07:02:02 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D380AF25-271F-4D8E-A784-688A4F1456AF}\offreg.dll
2012-04-10 07:01:16 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D380AF25-271F-4D8E-A784-688A4F1456AF}\mpengine.dll
2012-04-08 02:20:44 -------- d-----w- C:\Users\Mike\AppData\Local\{4BF828D6-D00C-4A80-919C-8B3CFD3282FE}
2012-04-02 08:00:14 -------- d-----w- C:\Users\Mike\AppData\Local\{D81AE96B-4C91-4B69-BC67-75726CB0191D}
2012-03-28 12:02:07 -------- d-----w- C:\Program Files (x86)\bfgbartb
2012-03-27 00:37:27 -------- d-----w- C:\Users\Mike\AppData\Local\{6FC315CD-3932-4BB3-A6CB-7CA95FF9BA1D}
2012-03-27 00:37:14 -------- d-----w- C:\Users\Mike\AppData\Local\{91306552-5E9F-4E46-9646-1C1BBCDC8BF0}
2012-03-25 22:51:23 -------- d-----w- C:\Users\Mike\AppData\Local\{3A4F8AE9-A1A9-4075-A16D-43EA838AEBED}
2012-03-25 22:51:11 -------- d-----w- C:\Users\Mike\AppData\Local\{404DA853-9FCF-4E11-B6F2-8037A47AE894}
2012-03-25 22:49:35 -------- d-----w- C:\Users\Mike\AppData\Local\{DB9913CD-1A7B-4E9C-8D43-C1DC254762A0}
2012-03-25 22:49:22 -------- d-----w- C:\Users\Mike\AppData\Local\{D3D60A3A-0C85-47DD-9543-AE06C5E51EF0}
2012-03-24 16:01:33 -------- d-----w- C:\Users\Mike\AppData\Local\{B828214B-FC3C-4A0D-89DC-1677C89D780A}
2012-03-24 16:01:20 -------- d-----w- C:\Users\Mike\AppData\Local\{DEC4DDA1-4EC3-44D5-9066-8A16D2F9D6FB}
2012-03-24 14:15:38 -------- d-----w- C:\Users\Mike\AppData\Local\{E693BB64-2B0B-4D66-9F0B-0D4C25815625}
2012-03-24 14:15:27 -------- d-----w- C:\Users\Mike\AppData\Local\{C204AF32-1C31-4F3E-B222-36036EACBC6C}
2012-03-24 13:37:43 -------- d-----w- C:\Users\Mike\AppData\Local\{2D3554BB-78A5-4E09-829A-E71486E3E807}
2012-03-24 13:37:30 -------- d-----w- C:\Users\Mike\AppData\Local\{16800493-E215-4B42-9483-93CC8F63B55F}
2012-03-24 03:55:56 -------- d-----w- C:\Users\Mike\AppData\Local\{D820D5EC-A3C7-4DC9-9D27-2AB54AFF7CF0}
2012-03-24 03:55:43 -------- d-----w- C:\Users\Mike\AppData\Local\{58533076-A531-4118-9785-DBDA146D4A9C}
2012-03-24 03:54:57 -------- d-----w- C:\Users\Mike\AppData\Local\{AAC58C16-9BB6-451F-89E6-B2E823B6795E}
2012-03-24 03:54:45 -------- d-----w- C:\Users\Mike\AppData\Local\{E14B43D9-B260-400B-8EA5-588D45C20891}
2012-03-21 00:13:03 -------- d-----w- C:\Users\Mike\AppData\Local\{8B99F275-7260-4E58-8DC8-418287108E22}
2012-03-21 00:12:48 -------- d-----w- C:\Users\Mike\AppData\Local\{68BF81B7-1F10-40AF-AB01-47943D1BC871}
2012-03-20 02:24:45 -------- d-----w- C:\Users\Mike\AppData\Local\{F5ECB85D-2EE2-434C-9BCE-764F79D92093}
2012-03-20 02:24:33 -------- d-----w- C:\Users\Mike\AppData\Local\{B97558E7-E767-4BE3-A12A-164A50A5D3B0}
2012-03-20 02:10:15 -------- d-----w- C:\Users\Mike\AppData\Local\{A332093D-97D2-466B-8A30-54725205384D}
2012-03-20 02:10:02 -------- d-----w- C:\Users\Mike\AppData\Local\{60F314A4-37AD-46A7-BF03-A03EB25C652C}
2012-03-18 23:51:36 -------- d-----w- C:\Users\Mike\AppData\Local\{4630B0BA-BB17-4F32-991A-CFE31C4B2FA5}
2012-03-18 23:51:22 -------- d-----w- C:\Users\Mike\AppData\Local\{3B9E9FED-5879-4B70-9C5F-D1AC1AC7A9D8}
2012-03-14 07:11:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:11:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:11:06 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:21:45 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:21:39 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:21:38 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:20:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:20:10 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:20:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:20:08 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:20:07 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:20:07 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:20:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:04:16.54 ===============

Last DSS log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2010 8:13:14 PM
System Uptime: 4/7/2012 2:08:35 PM (71 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron(tm) 140 Processor | Socket AM2 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 313.457 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.494 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP210: 3/30/2012 3:01:46 AM - Windows Update
RP211: 4/3/2012 3:01:41 AM - Windows Update
RP212: 4/7/2012 2:12:35 PM - Removed Disney Calendar Widget
RP213: 4/10/2012 3:00:28 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.1)
Any Audio Converter 3.3.1
Any Video Converter 3.3.2
Avira Antivirus Premium 2012
Big City Adventure: Sydney, Australia
Big Fish Games: Game Manager
Compatibility Pack for the 2007 Office system
Content Transfer
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
FrostWire 5.2.10
GamesBar 2.0.1.73
Haunted Hotel
Hewlett-Packard ACLM.NET v1.1.1.0
Hide and Secret 3
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Memorex exPressit Label Design Studio
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files®: Escape from Ravenhearstâ„¢ Collector's Edition
Mystery Case Files: Madame Fate ®
Natalie Brooks
NWZ-S540 WALKMAN Guide
OpenAL
Pathfinders: Lost at Sea
PictureMover
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Samantha Swift 2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SendSpace Wizard
Sonic Activation Module
Toolbar - Big Fish Games
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Women’s Murder Club - Triple Crime Pack
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
4/7/2012 2:08:40 PM, Error: Application Popup [876] - Driver DLACDBHE.SYS has been blocked from loading.
4/10/2012 7:45:20 AM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Thanks for the help!!
Tammi

broni · 2012/04/11

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

broni · 2012/04/11

We posted at the same time so proceed with Combofix.

tammilee68 · 2012/04/12

Combofix Log

ComboFix 12-04-12.01 - Mike 04/12/2012 7:39.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.835 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\log.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 12:18 . 2012-04-12 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 23:24 . 2012-04-11 23:24 -------- d-----w- c:\programdata\SUPERSetup
2012-04-11 23:18 . 2012-04-12 07:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D380AF25-271F-4D8E-A784-688A4F1456AF}\offreg.dll
2012-04-11 21:48 . 2012-04-11 21:48 -------- d-----w- c:\program files (x86)\SIW
2012-04-11 21:39 . 2012-04-11 21:39 -------- d-----w- C:\ManageEngine
2012-04-11 07:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 07:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 07:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 12:39 . 2012-04-10 12:39 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2012-04-10 12:39 . 2012-04-10 12:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 12:39 . 2012-04-10 12:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 12:39 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 11:45 . 2012-04-11 23:17 -------- d-----w- c:\users\Mike\AppData\Local\SUPERSystemInspector
2012-04-10 07:01 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D380AF25-271F-4D8E-A784-688A4F1456AF}\mpengine.dll
2012-03-28 12:02 . 2012-03-28 12:02 -------- d-----w- c:\program files (x86)\bfgbartb
2012-03-13 19:21 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:21 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:21 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-12-12 01:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 18:21 . 2011-10-21 15:03 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2957040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt "= "c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSScheduler "= "c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup "= "c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"hpsysdrv "= "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update "= "c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [x]
R1 SABKUTIL;SABKUTIL;c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3D87V0I\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"PC-Doctor for Windows localizer "= "c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs "=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 64.233.217.3 64.233.217.5
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3359949193-3595246736-1675502467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "WindowsLiveMail.Email.1 "
.
[HKEY_USERS\S-1-5-21-3359949193-3595246736-1675502467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "WindowsLiveMail.VCard.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= "0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= "ShockwaveFlash.ShockwaveFlash.10 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= "FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue "=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-12 08:22:34
ComboFix-quarantined-files.txt 2012-04-12 12:22
.
Pre-Run: 336,468,942,848 bytes free
Post-Run: 336,342,437,888 bytes free
.
- - End Of File - - 7190F3603D6495CE7E0A14DA699DFFF2

broni · 2012/04/12

I don't see anything malicious in your logs. You should be good to go.

tammilee68 · 2012/04/12

Thank you for your help with this.. since you didn't find anything wrong with the anti-virus or malware programs, do you any ideas why it would take so long to run the quick scan?
Now I just need to figure out with forums my other problems fall under. (LOL)
Thanks again Tammi

broni · 2012/04/12

Post in Windows forum.

tammilee68 · 2012/04/12

Okay, Thanks again.

broni · 2012/04/12

Sure

Log in or Sign up

Inactive Scans take over 5 to 7 hours

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive Scans take over 5 to 7 hours

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

tammilee68 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches