Member Avatar for scrapple

Upon booting up my laptop today, Avast started showing me an alert for a "Malicious URL" even though I had no applications started and had not yet performed any actions. The popup message indicated that the site trying to be reached was 68.178.232.99/wpad.dat and the process trying to reach it was c:\Windows\system32\svchost.exe. ("screenshot attached called Avast Alert 110326.bmp")

Following the instructions on the sticky, I downloaded all the recommended software and started the cleaning process.

First I ran the Windows malicious software removal tool... unfortunately, it encountered an error when it attempted to scan Windows Media Player (screenshot attached called "Windows Mal Error 110326.jpg"). I ran it again and encountered the same error at the same point.

Ran ATF-Cleaner.exe

Ran GMER Rootkit Scanner - didn't appear to find anything

Ran Malwarebytes - didn't find anything

Ran DDS - logs attached


Here are the logs:

Malwarebytes
------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6179

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/27/2011 12:53:16 AM
mbam-log-2011-03-27 (00-53-16).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 357096
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER One was empty

GMER Two
-------

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-27 00:04:48
Windows 6.1.7601 Service Pack 1
Running: 5flwxmve.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf848ee
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf848ee (not active ControlSet)

---- EOF - GMER 1.0.15 ----


DDS
-----

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Peter at 1:33:15.02 on Sun 03/27/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.13647 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Minitab\License Manager\lmgrd.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Minitab\License Manager\lmgrd.exe
C:\Program Files (x86)\Minitab\License Manager\minitab.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Synaptics\SynTP\syntpenh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\Peter\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.masterycharter.org/owa
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMA~1.LNK - C:\Windows\System32\taskmgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: HideStartupScripts = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
mRun-x64: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
mRun-x64: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-1-6 30320]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-26 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-12 280408]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-1-12 15472]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-12 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-12 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-26 42184]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-1-6 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-1-12 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-1-6 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]
R2 Minitab License Manager;Minitab License Manager;C:\Program Files (x86)\Minitab\License Manager\lmgrd.exe [2010-3-23 1339392]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-1-6 61952]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-1-12 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\tphksvc.exe [2011-1-12 64440]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-6 2533400]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-1-6 163072]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-1-6 292864]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-1-12 295600]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-6 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-10-18 8153088]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-6 131688]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-10-8 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-26 401920]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-6 35104]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-1-6 164200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-11-11 25072]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-1-6 31152]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-1-6 75112]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-12 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-27 05:15:59 -------- d-----w- C:\Users\Peter\AppData\Local\Adobe
2011-03-27 01:42:36 -------- d-----w- C:\Users\Peter\AppData\Roaming\Malwarebytes
2011-03-27 01:42:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-27 01:42:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-27 01:42:28 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-27 01:42:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-27 01:33:41 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-03-25 06:46:05 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{912C8B5F-B155-4B9E-9FA7-F7B9E647B701}\mpengine.dll
2011-03-23 12:44:47 24416 ------r- C:\Windows\System32\AdobePDFUI.dll
2011-03-14 02:06:07 197120 ------w- C:\Windows\System32\d3d10_1.dll
2011-03-14 02:06:07 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-14 01:40:50 -------- d-----w- C:\Windows\System32\SPReview
2011-03-14 01:40:15 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-14 01:37:59 522752 ------w- C:\Windows\SysWow64\d3d11.dll
2011-03-14 01:36:59 61440 ------w- C:\Windows\System32\drivers\appid.sys
2011-03-14 01:35:41 422912 ------w- C:\Windows\System32\drvstore.dll
2011-03-14 01:35:41 399872 ------w- C:\Windows\System32\dpx.dll
2011-03-14 01:05:49 -------- d-----w- C:\Windows\System32\appmgmt
2011-03-14 00:58:38 -------- d-----w- C:\Users\Peter\AppData\Roaming\Macrovision
2011-03-12 16:25:02 -------- d-----w- C:\Program Files (x86)\Minitab 15
2011-03-12 15:39:47 -------- d-----w- C:\Users\Peter\AppData\Local\Programs
2011-03-12 15:32:40 -------- d-----w- C:\Program Files (x86)\Minitab
2011-03-12 15:20:56 -------- d-----w- C:\Users\Peter\AppData\Local\Downloaded Installations
2011-03-11 18:48:36 52568 ------w- C:\Windows\System32\AdobePDF.dll
2011-03-09 20:00:24 -------- d-----w- C:\Users\Peter\AppData\Roaming\Cisco
2011-03-09 19:59:18 -------- d-----w- C:\PROGRA~3\Cisco
2011-03-05 12:52:30 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2011-03-05 12:52:28 98816 ------w- C:\Windows\System32\CNCLSC34b.DLL
2011-03-05 12:52:28 85504 ------w- C:\Windows\System32\CNCI4320.DLL
2011-03-05 12:52:28 49664 ------w- C:\Windows\System32\CNCLSO34b.dll
2011-03-05 12:52:28 336896 ------w- C:\Windows\System32\CNCC4320.DLL
2011-03-05 12:52:28 244736 ------w- C:\Windows\System32\CNCLSU34b.DLL
2011-03-05 12:52:28 154112 ------w- C:\Windows\System32\CNCLSD34b.DLL
2011-03-05 12:52:28 148480 ------w- C:\Windows\System32\CNCL4320.DLL
2011-03-05 12:52:28 135680 ------w- C:\Windows\System32\CNCE4320.DLL
2011-03-05 12:52:28 125952 ------w- C:\Windows\System32\CNCLST34b.DLL
2011-03-05 12:52:28 109568 ------w- C:\Windows\System32\CNCLSI34b.DLL
2011-03-05 12:52:20 -------- d-----w- C:\Program Files\Canon
2011-03-04 21:38:53 -------- d-----w- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2011-03-02 17:00:13 -------- d-----r- C:\Users\Peter\AppData\Roaming\Brother
2011-02-26 11:16:16 -------- d-----w- C:\Program Files (x86)\Common Files\Config
2011-02-26 11:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\Inet
2011-02-26 11:13:22 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2011-02-26 11:13:17 4199784 ------w- C:\Windows\SysWow64\cdintf400.dll
2011-02-26 11:12:54 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2011-02-26 11:12:52 -------- d-----w- C:\Users\Peter\AppData\Roaming\Intuit
2011-02-26 11:12:52 -------- d-----w- C:\Program Files (x86)\Quicken
2011-02-26 11:12:23 -------- d-----w- C:\PROGRA~3\Intuit
2011-02-26 11:09:31 -------- d-----w- C:\PROGRA~3\Amazon
2011-02-26 11:08:59 -------- d-----w- C:\Program Files (x86)\Amazon
2011-02-25 19:10:24 -------- d-----w- C:\Users\Peter\AppData\Roaming\webex
2011-02-25 19:08:04 -------- d-----w- C:\PROGRA~3\Webex
.
==================== Find3M ====================
.
2011-03-14 01:44:49 175616 ------w- C:\Windows\System32\msclmd.dll
2011-03-14 01:44:49 152576 ------w- C:\Windows\SysWow64\msclmd.dll
2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 13:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-19 12:05:15 1139200 ------w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ------w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ------w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ------w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ------w- C:\Windows\SysWow64\d2d1.dll
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-07 12:17:52 475648 ------w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ------w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ------w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ------w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ------w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ------w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ------w- C:\Windows\SysWow64\atmfd.dll
2011-01-06 21:37:14 1444 ------w- C:\Windows\MFGCLEAN.CMD
2011-01-06 21:35:51 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2011-01-06 21:35:51 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
2011-01-06 21:35:51 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
2011-01-06 21:08:25 31152 ------w- C:\Windows\System32\drivers\pmxdrv.sys
2011-01-05 10:34:00 612864 ------w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ------w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ------w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 1:35:41.57 ===============

DDS Attach
-----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2011 11:46:33 AM
System Uptime: 3/27/2011 1:14:14 AM (0 hours ago)
.
Motherboard: LENOVO | | 4318CTO
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | None | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 202.706 GiB free.
E: is CDROM ()
Q: is FIXED (NTFS) - 12 GiB total, 2.703 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP52: 3/16/2011 3:15:15 PM - Removed Minitab 15 English.
RP53: 3/16/2011 9:38:51 PM - Removed Minitab License Manager
RP54: 3/16/2011 9:44:32 PM - Installed Minitab License Manager
RP55: 3/16/2011 9:46:39 PM - Installed Minitab 15 English.
RP56: 3/18/2011 3:29:32 AM - Windows Update
RP57: 3/21/2011 8:56:14 AM - Installed FLEXnet Connect Windows Agent.
RP58: 3/23/2011 4:55:45 AM - Windows Update
.
==== Installed Programs ======================
.
Access Help
Adobe Acrobat 9 Pro
Adobe Acrobat 9.4.3 - CPSID_83708
Adobe ConnectNow Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Amazon Games & Software Downloader
AnswerWorks 5.0 English Runtime
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Brother HL-4040CDN
Burn.Now 4.5
Cisco AnyConnect VPN Client
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Direct DiscRecorder
FileZilla Client 3.3.5.1
FLEXnet Connect Windows Agent
Google Chrome
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel(R) Control Center
Intel(R) Management Engine Components
InterVideo WinDVD 8
Junk Mail filter update
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes' Anti-Malware
Mesh Runtime
Message Center Plus
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Policies
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft XNA Framework Redistributable 3.0
Minitab 15 English
Minitab License Manager
Mobile Broadband
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Quicken 2010
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
System Update
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkVantage Access Connections
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/27/2011 1:15:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/27/2011 1:15:18 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/27/2011 1:14:43 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain HTHPHILA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/22/2011 12:53:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/21/2011 8:17:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
.
==== End Of File ===========================


Any help is appreciated, thank you!

Avast_Alert_110326.bmp (431.09 KB)
Windows_Mal_Error_110326.jpg 73.39 KB
  • 2 Contributors
  • 11 Replies
  • 457 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by jholland1964
Member Avatar for jholland1964

Hello, well your Avast was working exactly as it was supposed to work and you of course did the right thing in running the scans.
The process noted would not be unusual however, c:\Windows\system32\svchost.exe. Take a look at your task manager and you likely will see multiple instances of it running at any given time. svchost.exe is a Host process for services.
The various services are organized into different groups and each instance of svchost.exe usually helps to run the items in one group. Your av program may have three or four services running at start up, you would see one instance of svchost.exe "in charge" of that group.
Now obviously that one cited had nothing to do with your avast, I am only using that as an example. Virturally every service that runs in Windows has a svchost.exe associated with it. It is pretty hard to narrow down which one that was since there are usually always multiple instances of that running.

Even though you believe you had not started any applications, there are many programs and services that are set to auto start when you boot the computer, these would not necessarily show to you but they are auto starting when the computer boots up. Avast of course is one of those, you don't have to tell it to start, it does so automatically. But it is likely one of those services that triggered this Avast warning. Since this had never happened before then it must be a recent one installed or enabled.
There is ONE service I do see listed with, which means it is autostarting when the computer boots is HsfXAudioService but I am sure there are others.

The website attempting contact was GoDaddy.com owned by GO-DADDY-SOFTWARE-INC

Did you recently visit that site,or do you use that site? Though you may have actually used it without knowing it as it does host other websites. Did you recently download software from there that could possibly be auto updating? It may be if you only recently visited it that Avast had never seen it before and that is why it flagged the file. As I said it also hosts other websites, has sections to build your own websites, email servers, any number of others things.

Are you using a Firewall? I don't see one in your log.

Edited by jholland1964 because: n/a
Member Avatar for scrapple

Thanks. I discovered that something turned on auto detect proxy settings (I would never have turned that on myself). After I turned that back off, the frequency of the malicious URL alert dropped (but didn't disappear).

I'm using Windows firewall and a firewall router, is that sufficient?

Member Avatar for jholland1964

Where do you see automatically detect Proxy settings? You didn't answer my question about GoDaddy.com.

Edited by jholland1964 because: n/a
Member Avatar for scrapple

Sorry, for the Godaddy question -- I didn't visit the godaddy website and don't recall visiting any sites explicitly hosted by godaddy. I definitely did not install any software (web downloaded or otherwise) while I was at work on Friday. Saturday when I booted up my machine at home, I started to get the message as soon as the laptop booted up.

For the proxy setting -- it was in IE --> Internet Options --> Connections --> LAN settings --> automatically detect settings

Thanks so much for your help!

Member Avatar for jholland1964

Sorry, for the Godaddy question -- I didn't visit the godaddy website and don't recall visiting any sites explicitly hosted by godaddy. I definitely did not install any software (web downloaded or otherwise) while I was at work on Friday. Saturday when I booted up my machine at home, I started to get the message as soon as the laptop booted up.

For the proxy setting -- it was in IE --> Internet Options --> Connections --> LAN settings --> automatically detect settings

Thanks so much for your help!

You have a lot of unnecessary autostarting items try turning those off and see if that makes a difference.
Most recently installed was
AmazonGSDownloaderTray and it also has this service auto starting;
AmazonGSDownloaderService.exe

Others not needed to run when the computer starts up are:
Google Update
Adobe Acrobat Speed Launcher
Acrobat Assistant 8.0
Adobe Reader Speed Launcher
Adobe ARM

to stop all these I suggest using Code Stuff Starter.Available from here;
http://www.snapfiles.com/get/starter.html

Download and install it. Then open the program you will see three tabs, Start ups is one and all the programs I noted except the one service will be found there. Take the check marks out of all those. They ALL can very easily be run manually if you need them.
Then go to the Services tab and scroll through the services there, it is alphabetical order so this one will be near the top
AmazonGSDownloaderService
double click on it and Stop the service if it shows as running, then change it's start up type to Manual.
Then close Code Stuff Starter and reboot the computer and see if you still get this Avast warning.

Edited by jholland1964 because: n/a
Member Avatar for jholland1964

Another question, since the Malicious Removal tool stopped or errored out when scanning Windows Media Player, just happened to think, had you recently viewed or saved a video that uses WMP to view? This could be where the GO Daddy warning came from. I don't mean that it was from the GoDaddy site itself but some site that is hosted by GoDaddy, there are a lot of them.
It might not say GoDaddy, it would likely have the name of the site it came from but that site, if you trace back, would be hosted by GoDaddy. If so, try scanning that particular video with your Avast.

Edited by jholland1964 because: n/a
Member Avatar for scrapple

Update - I installed Starter and disabled all of the items you listed (except for the service which says that it's related to a modem). Unfortunately, I'm still getting the malicious URL warning.

Re: Windows Media Player -- that application has never been opened on this machine. When I opened it just now to check it out, I got the initial configuration screen rather than the application, so no videos have been played on it.

Member Avatar for jholland1964

I didn't visit the godaddy website and don't recall visiting any sites explicitly hosted by godaddy.

GoDaddy seems to be a recurring theme with Avast flagging something from them. Have found numerous threads where the culprit has either been a perfectly legitimate web site hosted by them that gets flagged by Avast, one persons's email signature avatar came from one of their hosted sites or actual programs downloaded directly from them.
So obviously there is something wrong over there.
Problem is, you may never, ever go specifically to the GoDaddy site and also "think" you have never been to a site hosted by them, but most of the time you aren't going to know what server hosts a website. It just says to you, bob's chicken shack.whatever. but bob's chicken shack uses GoDaddy as his host server. You really have to "dig deep" sometimes to find that out.
It probably is something very simple, and something you haven't thought about.
Here is an example, at another forum guy posted a link for a website with spring wall papers and screen savers. That 1st website was fine, but all of the pictures offered were actually hosted at other websites. So if you chose one picture and clicked to download it then it didn't come from the first website, but from another.Sometimes you would realize this because you would actually be taken to that other site to get the picture, but on others if you clicked to download, the download box would just pop up and ask where to save it. Makes you think it came from that first site, right? No it didn't and several people's virus programs flagged some that came from two specific sites that said there was malicious script in them. So it could be something as simple as wallpaper, screen saver, email stationery, emoticons, any number of things.
It could also be something you have had on the computer for quite awhile but an Avast update NOW has given Avast the ability to see something it couldn't see before. I haven't used Avast in many years but there has to be somewhere to either set this so it is automatic and you don't have to keep saying yes block it. But you will have to look through the program to find that setting, it may be actually someplace on that warning you are receiving.

Member Avatar for jholland1964

=scrapple;1519802]Update - I installed Starter and disabled all of the items you listed (except for the service which says that it's related to a modem).

Which one was related to a modem? I didn't give you any related to a modem. The only Service I noted was this one AmazonGSDownloaderService
Which doesn't have anything to do with a modem, it is an Amazon Games & Software Downloader

Re: Windows Media Player -- that application has never been opened on this machine. When I opened it just now to check it out, I got the initial configuration screen rather than the application, so no videos have been played on it.

Now you may also THINK this has never been used but it clearly shows as a running process when you did the DDS Scanner
C:\Program Files\Windows Media Player\wmpnetwk.exe >>>Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\

Member Avatar for scrapple

Which one was related to a modem? I didn't give you any related to a modem. The only Service I noted was this one AmazonGSDownloaderService
Which doesn't have anything to do with a modem, it is an Amazon Games & Software Downloader

Sorry, I was referring to this service you had mentioned in an earlier post:

There is ONE service I do see listed with, which means it is autostarting when the computer boots is HsfXAudioService but I am sure there are others.

Now you may also THINK this has never been used but it clearly shows as a running process when you did the DDS Scanner
C:\Program Files\Windows Media Player\wmpnetwk.exe >>>Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\

Ok, I'll try to think of any videos I may have watched -- would watching a video embedded on a web page (e.g. youtube) involve that process?

Member Avatar for jholland1964

That service I noted earlier,HsfXAudioService, I only noted because it also uses \svchost.exe as many others do. I didn't mean to turn that off. That has to do with your sound by the way.
One other thing you might check is see what is in Scheduled Tasks. There might be something in there scheduled to "act" when the computer boots up.
Also automatic updates can be checked.

Edited by jholland1964 because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.