MeganB

  1. Okay, thank you. I guess I have to go that route.
  2. I am going through hell trying to get this log to post and I don't think it's going to happen. From notepad, if I try to save it to a disk and open it again, it won't open. If I try to copy and paste it, the computer freezes. When I pasted it into Word, Word said it was over 22,000 pages. So...I don't think you're going to be able to get that log. I even tried to zip it, but it wouldn't attach. I'll try to save the zip file to a disk and open it on my netbook. Right now I'm about ready to just reformat the whole thing and start anew. I can't believe it's been a whole month and no one knows what is making my browser access stop 10 minutes after a reboot. It's def a setting on my PC. I turned off my modem, and used my Palm cell for phone as modem and the browser stopped working still, after 10 minutes of a reboot. No one else is using my computer but me since the infection. The Internet light on the modem shouldn't flash unless the internet is being accessed, but it has been randomly flashing since the infection. Maybe the virus is updating or downloading more malware.
  3. ComboFix log 2 with CFScript:
  4. ComboFix log:
  5. Hello. Welcome back. Here is the copy and paste:

     Adapters List
     Citrix Virtual Adapter - Packet Scheduler Miniport
     IP Address 0.0.0.0
     Subnet mask 0.0.0.0
     Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
     IP Address 192.168.1.15
     Subnet mask 255.255.255.0
     Gateway server 192.168.1.1

     What should I do now?
  6. Here's a new finding: The hangup appears to happen when I'm on any one particular site and I try to go to another (after the first 10min). I was just on Constant Contact's website for over 10mins then I tried to go to Chartway's and it said page could not be displayed. I also tried yahoo's and this forum's site, same thing. It would allow me to hit the back button and roam any part of Constant Contact, even links I hadn't clicked before, but I couldn't go to another site.
  7. The message at your link said: "Sorry, the page you're looking for can't be found". It referred me to http://www.piriform.com/speccy for Speccy, which is charging $24.95. From there you could also link to http://www.piriform.com/speccy/download/standard which provided the free download. Attached is the snapshot. How should I proceed now? Thank you. ANUDAI-50673BAD.zip
  8. No, this also did not resolve the problem. I also fully uninstalled Avira and ZoneAlarm, rebooted and reinstalled them, thinking maybe they were blocking something from when the virus was originally detected. ...it didn't help. Another screen I sometimes get on IE after the connection has dropped says: The page cannot be displayed. To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems..." (then it gives other instructions to try) Lastly, it says Cannot find server or DNS Error Internet Explorer Any other suggestions please? I appreciate your help. I lost my job today for being out of work for 2 weeks because of this issue.
  9. I have completed all steps in post #49 (CCleaner, Disk Check, Cleanup & Defrag). Still the internet cuts out about 20 minutes after rebooting. Sometimes the IE message says Cannot display webpage; sometimes it says Cannot connect to server; other times it just says Connecting... and never goes away. Chrome says No data received Unable to load the webpage because the server sent no data. Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.
  10. It appears that it completed the disk cleanup once, then it cycled through again, giving that same message above. I canceled and closed. It did not reboot. I perform a Disk Cleanup and Defrag monthly through Start>All Programs>Accessories>System Tools. Would you like me to complete this now?
  11. The defrag has started, but before the Disk Cleanup Settings box came up, the command window displayed a message: ' ' is not recognized as an internal or external command, operable program or batch file.' @echo' is not recognized as an internal or external command, operable program or batch file. Also, I left the default boxes checked on the Disk Cleanup Settings box, which were only Downloaded Program Files and Temporary Internet Files. There were 11 other unchecked boxes.
  12. I tried from all three links above, but after clicking Run, it gives me the error message: Fix it Center Setup encountered an error An unexpected error has occurred. Please close and try to run Setup again later.
  13. My desktop computer has 1.25 GB of RAM. I am checking out the Microsoft Fix it Center Online now.
  14. The 60-100% I'm seeing is actually the opposite. The computer is using that much usage and only has 40%-0% idle process. It doesn't seem to be doing it right now, but I did want to bring it to your attention, since it was happening when I wasn't using the computer. The page cannot display message appears to happen on any webpage, secure or not. I will play around with it more and report any different findings, if any. Procexp.txt log: Process PID CPU Private Bytes Working Set Description Company Name Command Line System Idle Process 0 81.25 0 K 16 K System 4 0 K 212 K Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs smss.exe 488 168 K 416 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe csrss.exe 536 6.25 1,728 K 4,048 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 winlogon.exe 560 7,040 K 4,504 K Windows NT Logon Application Microsoft Corporation winlogon.exe services.exe 604 1,776 K 3,520 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe svchost.exe 784 3,100 K 5,128 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch wmiprvse.exe 1812 1,912 K 4,968 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe svchost.exe 840 1.56 1,852 K 4,552 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss svchost.exe 932 1.56 21,576 K 33,392 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs wuauclt.exe 528 10,576 K 41,160 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer 
Local\[3a4]SUSDS1ee5df1fbbb2e24bb85668202959ef39 wuauclt.exe 3156 7.81 2,252 K 4,248 K Windows Update Microsoft Corporation svchost.exe 996 1,376 K 3,828 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService svchost.exe 1120 1,604 K 4,156 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService vsmon.exe 1208 18,348 K 20,476 K TrueVector Service Check Point Software Technologies LTD C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service spoolsv.exe 1504 3,720 K 5,432 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe sched.exe 1552 3,908 K 224 K Antivirus Scheduler Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\sched.exe" svchost.exe 1628 1,288 K 3,788 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService avguard.exe 1684 109,340 K 91,556 K Antivirus On-Access Service Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" avshadow.exe 124 628 K 2,824 K AntiVir shadow copy service Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000694 jqs.exe 1744 2,068 K 1,408 K Java Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" svchost.exe 1796 1,008 K 2,960 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12 nsverctl.exe 1872 2,376 K 4,464 K Citrix Access Gateway Plug-in Citrix Systems, Inc "C:\Program Files\Citrix\Secure Access Client\nsverctl.exe" svchost.exe 1988 992 K 2,928 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12 sprtsvc.exe 2024 3,028 K 1,372 K SupportSoft Agent Service SupportSoft, Inc. 
"C:\Program Files\VERIZONDM\bin\sprtsvc.exe" /service /p verizondm svchost.exe 200 2,664 K 4,536 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc tgsrvc.exe 248 1,108 K 4,116 K SupportSoft Repair Service SupportSoft, Inc. "C:\Program Files\VERIZONDM\bin\tgsrvc.exe" /p verizondm wwSecure.exe 448 756 K 2,972 K Washer Security Service Webroot Software, Inc. C:\WINDOWS\system32\wwSecure.exe YahooAUService.exe 680 4,704 K 7,312 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" avmailc.exe 2780 1,812 K 292 K Antivirus MailScanner Service Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe" avwebgrd.exe 2984 5,892 K 9,852 K AntiVir WebGuard Service Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" alg.exe 4036 1,260 K 3,892 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe svchost.exe 3228 6,980 K 11,268 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k Akamai lsass.exe 616 4,000 K 6,620 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe explorer.exe 1940 3.13 17,104 K 25,620 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE YMailAdvisor.exe 2308 428 K 1,896 K Yahoo! Mail Advisor Yahoo! Inc. "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" avgnt.exe 2324 6,672 K 5,072 K Antivirus System Tray Tool Avira GmbH "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min reader_sl.exe 2332 700 K 2,852 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" sprtcmd.exe 2356 12,400 K 1,488 K SupportSoft, Inc. 
"C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM zlclient.exe 2364 14,352 K 4,596 K ZoneAlarm Client Check Point Software Technologies LTD "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ctfmon.exe 2380 856 K 3,212 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe" nsload.exe 2400 4,724 K 8,536 K Citrix Access Gateway Plug-in Citrix Systems, Inc "C:\Program Files\Citrix\Secure Access Client\nsload.exe" /noDisplayLogin iexplore.exe 1736 10,504 K 19,300 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" iexplore.exe 2524 46,644 K 59,048 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1736 CREDAT:14337 iexplore.exe 2260 33,156 K 42,788 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1736 CREDAT:79873 procexp.exe 3404 10,804 K 15,512 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\School\Desktop\ProcessExplorer\procexp.exe" How should I proceed now? Thank you.
  15. My CPU green light is blinking rapidly. The CPU Usage is jumping around from 60-100%, but there aren't any applications opened. I know you said svchost.exe is a normal file, but I've never seen so many in the processes at once. Right now there are 10 between the users Local Service, Network Service and System. Totaling about 70,000 K of Mem Usage at this time. Could this high Performance be due to this and/or the remaining parts of the virus (which also disables some of my web access)? Thank you.