jmwcrna

Members

View Profile See their activity

Posts
8
Joined
March 9, 2011
Last visited
June 3, 2013

Reputation

0 Neutral

Unable to remove yontoo and norton security scan

jmwcrna posted a topic in Resolved Malware Removal Logs

I have Windows 7 and using Google Chrome, my son downloaded a "skin" for Minecraft and it also downloaded multiple malware programs, including, Drop Down Deals, Deal Ply, Delta Search, Norton Security Scan, and Yontoo. I was able to uninstall almost all of them from the control panel, but Norton fails to uninstall (the uninstall pop-up just flickers then disappears and it is still there and Yontoo says "C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.dat Error 2 while loading archive:The system cannot find the file specified." I've run Mal-warebytes and that comes out clean, Avast is clean too. I tried a System Restore, but it won't allow it, even disabling Avast prior to Restore doesn't work. Norton runs a scan every time I open my computer. How can I get clean again? These are the logs: DDS-Notepad DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2 Run by Julie at 6:25:39 on 2013-06-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1842 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe C:\Windows\system32\WLANExt.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe C:\Users\Julie\AppData\Roaming\Yontoo\YontooDesktop.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\WUDFHost.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Games\solitaire\solitaire.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\explorer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=119357&tt=gc_&babsrc=HP_ss_din2g&mntrId=B22FF04DA241B4FA uDefault_Page_URL = hxxp://www.dell.com mWinlogon: Userinit = userinit.exe BHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [Akamai NetSession Interface] "C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe" uRun: [Yontoo Desktop] "C:\Users\Julie\AppData\Roaming\Yontoo\YontooDesktop.exe" mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB TCP: NameServer = 192.168.1.1 TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\C696E6B6379737 : DHCPNameServer = 4.2.2.2 8.8.8.8 TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\D43474F4F4 : DHCPNameServer = 129.135.130.1 TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\F4B42514027455543545 : DHCPNameServer = 192.168.169.1 TCP: Interfaces\{F8D04562-9FDF-4E7C-AD61-D5696A5FDF68} : DHCPNameServer = 192.168.1.1 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65336] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-23 55280] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-7-24 1025808] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-24 377920] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-24 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-24 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-7 45248] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 828072] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-23 2320920] R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-23 23552] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-22 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-7-23 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-7-23 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-7-23 151936] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-23 244736] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2012-7-23 72744] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176] S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 178624] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-29 19456] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-29 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-31 1255736] . =============== Created Last 30 ================ . 2013-06-01 13:15:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086CEBB4-FE98-4848-8D68-5CE7AF4D5AC2}\offreg.dll 2013-06-01 13:12:09 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086CEBB4-FE98-4848-8D68-5CE7AF4D5AC2}\mpengine.dll 2013-05-28 00:12:50 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2013-05-25 03:29:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-25 03:29:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-24 01:16:25 -------- d-----w- C:\Windows\IswTmp 2013-05-23 18:37:32 -------- d-----w- C:\ProgramData\Symantec 2013-05-23 18:37:07 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0400000.030 2013-05-23 18:37:07 -------- d-----w- C:\Windows\System32\drivers\NSSx64 2013-05-23 18:37:07 -------- d-----w- C:\Program Files (x86)\Norton Security Scan 2013-05-23 18:37:06 -------- d-----w- C:\ProgramData\Norton 2013-05-23 18:33:44 -------- d-----w- C:\ProgramData\NortonInstaller 2013-05-23 18:33:44 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2013-05-23 18:17:02 -------- d-----w- C:\Windows\SysWow64\searchplugins 2013-05-23 18:17:02 -------- d-----w- C:\Windows\SysWow64\Extensions 2013-05-23 18:16:14 -------- d-----w- C:\ProgramData\BrowserProtect 2013-05-23 18:15:52 -------- d-----w- C:\Users\Julie\AppData\Roaming\BabSolution 2013-05-23 18:15:36 -------- d-----w- C:\Users\Julie\AppData\Roaming\Yontoo 2013-05-23 18:15:36 -------- d-----w- C:\Program Files (x86)\Yontoo 2013-05-23 18:15:19 -------- d-----w- C:\Users\Julie\AppData\Roaming\DealPly 2013-05-23 18:15:10 -------- d-----w- C:\Users\Julie\AppData\Roaming\Babylon 2013-05-23 18:15:10 -------- d-----w- C:\ProgramData\Babylon 2013-05-23 18:14:52 -------- d-----w- C:\ProgramData\Tarma Installer 2013-05-23 18:14:50 -------- d-----w- C:\Users\Julie\AppData\Roaming\DSite 2013-05-21 16:59:19 -------- d-----w- C:\Program Files\iPod 2013-05-21 16:59:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-21 16:59:18 -------- d-----w- C:\Program Files\iTunes 2013-05-21 16:59:18 -------- d-----w- C:\Program Files (x86)\iTunes 2013-05-17 13:14:32 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-17 13:14:30 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-17 13:14:30 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-17 13:14:30 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-17 13:14:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-17 13:14:13 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-17 13:14:13 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-17 13:13:16 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-05-17 13:12:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-05-17 13:12:46 230400 ----a-w- C:\Windows\System32\wwansvc.dll . ==================== Find3M ==================== . 2013-05-15 01:40:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 01:40:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-26 14:49:59 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-11 00:07:45 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-11 00:07:45 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-03-06 23:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-03-06 23:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 6:26:48.04 =============== Attach-Notepad . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/22/2012 9:21:55 AM System Uptime: 5/31/2013 9:01:07 AM (69 hours ago) . Motherboard: Dell Inc. | | 08VFX1 Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | U2E1 | 929/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 382.893 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP100: 5/21/2013 11:54:22 AM - Installed iTunes RP101: 5/23/2013 3:45:43 PM - Restore Operation RP102: 5/24/2013 9:58:04 AM - Windows Update RP103: 5/25/2013 8:28:20 AM - Restore Operation RP104: 5/27/2013 6:46:43 PM - Windows Update RP105: 6/1/2013 8:10:43 AM - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.22 (x64 edition) Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.7) Adobe Shockwave Player 12.0 Advanced Audio FX Engine Akamai NetSession Interface Amazon Kindle Amazon MP3 Downloader 1.0.17 AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update avast! Free Antivirus Bing Bar Bing Bar Platform Bing Rewards Client Installer Bonjour calibre Cozi CyberLink PowerDVD 9.5 Dell Dock Dell Edoc Viewer Dell Resource CD Dell System Detect Dell Webcam Central DirectXInstallService Dropbox EMC 10 Content EMCGadgets64 Google Chrome Google Update Helper GoToAssist Corporate HP Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help HP Officejet Pro 8500 A910 Product Improvement Study HP Update I.R.I.S. OCR Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software iTunes Java 7 Update 21 Java Auto Updater Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.75.0.1300 Marketsplash Shortcuts Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NOOK for PC Norton Security Scan Quicken 2011 Quickset64 QuickTime Realtek Ethernet Controller Driver For Windows 7 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio File Backup Roxio Update Manager Secunia PSI (3.0.0.2004) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sonic CinePlayer Decoder Pack SpywareBlaster 4.6 SUPERAntiSpyware swMSM Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WIDCOMM Bluetooth Software Yontoo 2.053 YTD Video Downloader 3.9.6 ZoneAlarm Firewall ZoneAlarm Free Firewall ZoneAlarm LTD Toolbar ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 6/3/2013 6:01:55 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 5/30/2013 9:46:50 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer STEVE-DELL09PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E439EFC-57C1-4315-B23C-C388F35A2D7E}. The master browser is stopping or an election is being forced. 5/30/2013 7:29:54 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-21-6A-52-E3-AC. Network operations on this system may be disrupted as a result. 5/27/2013 5:11:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOUR-EFD10BA36E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E439EFC-57C1-4315-B23C-C388F35A2D7E}. The master browser is stopping or an election is being forced. . ==== End Of File =========================== Thank you for your help!
- June 3, 2013
- 3 replies
Need help removing malware

jmwcrna replied to jmwcrna's topic in Resolved Malware Removal Logs

Everything seems to be great, no pop-ups, faster speed. Thank you for your help!
- March 18, 2011
- 12 replies
Need help removing malware

jmwcrna replied to jmwcrna's topic in Resolved Malware Removal Logs

This is the log I find: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK It did run a scan and said it was clean at the end.
- March 12, 2011
- 12 replies
Need help removing malware

jmwcrna replied to jmwcrna's topic in Resolved Malware Removal Logs

Will be leaving for Spring Break this morning, internet access may be iffy in the mts. I'll keep trying, but it may take me a day or two between posts. Thank you. . . ComboFix 11-03-11.02 - Julie 03/12/2011 8:13.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.244 [GMT -6:00] Running from: c:\users\Julie\Desktop\Combo-Fix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Julie\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 ))))))))))))))))))))))))))))))) . . 2011-03-12 14:18 . 2011-03-12 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-12 14:10 . 2011-03-12 14:10 -------- d-----w- C:\32788R22FWJFW 2011-03-11 16:10 . 2011-03-11 16:10 -------- d-----w- c:\windows\en 2011-03-11 16:06 . 2011-03-11 16:06 -------- d-----w- c:\program files\Windows Live 2011-03-11 16:05 . 2011-03-11 16:05 -------- d-----w- c:\program files (x86)\MSN Toolbar 2011-03-11 16:04 . 2011-03-11 16:05 -------- d-----w- c:\program files (x86)\Bing Bar Installer 2011-03-11 16:04 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-03-11 16:04 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-03-11 16:04 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-03-11 16:04 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-03-11 16:04 . 2006-11-29 19:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-03-11 16:04 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2011-03-11 15:53 . 2011-03-11 15:53 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\74968ec51cbe0042d\InstallManager_WLE_WLE.exe 2011-03-11 15:53 . 2011-03-11 15:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\66498a601cbe00422\MeshBetaRemover.exe 2011-03-11 15:52 . 2011-03-11 15:52 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\DSETUP.dll 2011-03-11 15:52 . 2011-03-11 15:52 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\DXSETUP.exe 2011-03-11 15:52 . 2011-03-11 15:52 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\dsetup32.dll 2011-03-11 15:52 . 2011-03-11 15:52 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\DSETUP.dll 2011-03-11 15:52 . 2011-03-11 15:52 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\DXSETUP.exe 2011-03-11 15:52 . 2011-03-11 15:52 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\dsetup32.dll 2011-03-11 15:51 . 2011-03-11 15:51 -------- d-----w- c:\users\Julie\AppData\Local\Windows Live 2011-03-11 15:45 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll 2011-03-11 15:45 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll 2011-03-11 15:45 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2011-03-11 15:45 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-03-11 15:45 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll 2011-03-11 15:45 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-11 15:45 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll 2011-03-11 15:45 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2011-03-11 15:45 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll 2011-03-11 15:45 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-03-11 15:45 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe 2011-03-11 15:45 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe 2011-03-11 15:43 . 2011-03-11 15:43 -------- d-----w- c:\users\Julie\AppData\Local\WindowsUpdate 2011-03-04 17:05 . 2011-03-04 17:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-03-04 16:48 . 2011-03-04 16:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2011-03-04 15:29 . 2011-03-04 15:29 -------- d-----w- c:\program files\Java 2011-03-04 15:23 . 2011-03-04 15:23 -------- d-----w- c:\users\Julie\AppData\Local\Secunia PSI 2011-03-04 15:22 . 2011-03-04 15:22 -------- d-----w- c:\program files (x86)\Secunia 2011-02-24 09:02 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-02-24 09:02 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-02-23 20:49 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-23 20:49 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-23 20:49 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-02-23 20:49 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-02-22 06:22 . 2011-02-22 06:22 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-02-20 12:59 . 2011-02-20 12:59 -------- d-----w- c:\users\Julie\AppData\Roaming\Logitech 2011-02-20 12:58 . 2011-02-20 12:58 -------- d-----w- c:\users\Julie\AppData\Roaming\Leadertech 2011-02-20 12:58 . 2011-02-20 12:58 53248 ----a-r- c:\users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-20 12:58 . 2011-02-20 12:58 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2011-02-20 12:50 . 2008-05-02 08:46 190992 ----a-w- c:\windows\system32\BtCoreIf.dll 2011-02-20 12:50 . 2008-05-02 08:47 95760 ----a-w- c:\windows\system32\KemXML.dll 2011-02-20 12:50 . 2008-05-02 08:47 158736 ----a-w- c:\windows\system32\KemWnd.dll 2011-02-20 12:50 . 2008-05-02 08:47 232976 ----a-w- c:\windows\system32\KemUtil.dll 2011-02-20 12:50 . 2008-05-02 08:47 235536 ----a-w- c:\windows\system32\kemutb.dll 2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\programdata\Logitech 2011-02-20 12:50 . 2011-02-20 12:51 -------- d-----w- c:\program files\Common Files\Logishrd 2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\program files\Logitech 2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\users\Julie\AppData\Roaming\InstallShield 2011-02-20 12:49 . 2011-02-20 12:49 -------- d-----w- c:\programdata\LogiShrd 2011-02-15 12:01 . 2011-02-15 12:01 -------- d-----w- c:\users\Mcx1-JULIE-DELL 2011-02-13 00:27 . 2011-03-10 03:35 -------- d-----w- c:\programdata\Big Fish Games 2011-02-13 00:26 . 2011-03-10 03:35 -------- d-----w- C:\BigFishGamesCache 2011-02-10 14:31 . 2011-03-10 03:38 -------- d-----w- c:\users\Julie\AppData\Local\Google 2011-02-10 14:31 . 2011-03-11 17:12 -------- d-----w- c:\program files\Google 2011-02-10 14:31 . 2011-03-11 17:12 -------- d-----w- c:\program files (x86)\Google 2011-02-10 14:30 . 2011-02-10 14:31 -------- d-----w- c:\windows\SysWow64\Adobe . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-04 15:29 . 2010-08-10 08:56 521448 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-15 11:59 . 2010-08-27 17:57 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-02-03 03:40 . 2010-08-10 08:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-01-07 08:06 . 2011-02-09 12:24 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 07:27 . 2011-02-09 12:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-07 05:49 . 2011-02-09 12:24 366080 ----a-w- c:\windows\system32\atmfd.dll 2011-01-07 05:33 . 2011-02-09 12:24 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-01-05 06:20 . 2011-02-09 12:24 612352 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 05:37 . 2011-02-09 12:24 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-01-05 04:00 . 2011-02-09 12:24 3127808 ----a-w- c:\windows\system32\win32k.sys 2010-12-21 06:16 . 2011-02-09 12:24 97280 ----a-w- c:\windows\system32\wscsvc.dll 2010-12-21 06:16 . 2011-02-09 12:24 62976 ----a-w- c:\windows\system32\wscapi.dll 2010-12-21 06:16 . 2011-02-09 12:24 214016 ----a-w- c:\windows\system32\winsrv.dll 2010-12-21 06:16 . 2011-02-09 12:24 442880 ----a-w- c:\windows\system32\winhttp.dll 2010-12-21 06:16 . 2011-02-09 12:24 1197056 ----a-w- c:\windows\system32\wininet.dll 2010-12-21 06:16 . 2011-02-09 12:24 258048 ----a-w- c:\windows\system32\WebClnt.dll 2010-12-21 06:15 . 2011-02-09 12:24 264192 ----a-w- c:\windows\system32\upnp.dll 2010-12-21 06:15 . 2011-02-09 12:24 15360 ----a-w- c:\windows\system32\slwga.dll 2010-12-21 06:13 . 2011-02-09 12:24 2003968 ----a-w- c:\windows\system32\msxml6.dll 2010-12-21 06:13 . 2011-02-09 12:24 1880576 ----a-w- c:\windows\system32\msxml3.dll 2010-12-21 06:10 . 2011-02-09 12:24 100864 ----a-w- c:\windows\system32\davclnt.dll 2010-12-21 05:38 . 2011-02-09 12:24 51200 ----a-w- c:\windows\SysWow64\wscapi.dll 2010-12-21 05:38 . 2011-02-09 12:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2010-12-21 05:38 . 2011-02-09 12:24 350720 ----a-w- c:\windows\SysWow64\winhttp.dll 2010-12-21 05:38 . 2011-02-09 12:24 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll 2010-12-21 05:38 . 2011-02-09 12:24 204288 ----a-w- c:\windows\SysWow64\upnp.dll 2010-12-21 05:38 . 2011-02-09 12:24 14336 ----a-w- c:\windows\SysWow64\slwga.dll 2010-12-21 05:36 . 2011-02-09 12:24 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2010-12-21 05:36 . 2011-02-09 12:24 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2010-12-21 05:34 . 2011-02-09 12:24 80384 ----a-w- c:\windows\SysWow64\davclnt.dll 2010-12-21 00:09 . 2010-08-15 01:14 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2010-08-15 01:14 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-18 06:11 . 2011-02-10 09:07 57856 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-18 06:11 . 2011-02-09 12:24 714752 ----a-w- c:\windows\system32\kerberos.dll 2010-12-18 05:29 . 2011-02-10 09:07 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2010-12-18 05:29 . 2011-02-09 12:24 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2010-12-18 04:55 . 2011-02-10 09:07 482816 ----a-w- c:\windows\system32\html.iec 2010-12-18 04:20 . 2011-02-10 09:07 386048 ----a-w- c:\windows\SysWow64\html.iec 2010-12-18 04:13 . 2011-02-10 09:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-12-18 03:47 . 2011-02-10 09:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160] "AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-09 883272] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184] . c:\users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-20 1196048] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-09 121416] R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-09 125512] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848] R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x] R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://att.my.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-03-12 08:21:14 ComboFix-quarantined-files.txt 2011-03-12 14:21 . Pre-Run: 427,555,708,928 bytes free Post-Run: 427,137,966,080 bytes free . - - End Of File - - 7D0A7444BB2C62B3B2EADD34C212F89C
- March 12, 2011
- 12 replies
Need help removing malware

jmwcrna replied to jmwcrna's topic in Resolved Malware Removal Logs

Sorry, the main symptom besides the pop-ups was very slow loading of pages. Here are the two logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6014 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 3/10/2011 7:31:35 PM mbam-log-2011-03-10 (19-31-35).txt Scan type: Quick scan Objects scanned: 178874 Time elapsed: 5 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Julie at 19:36:05.76 on Thu 03/10/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.468 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\SpywareGuard\sgmain.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\SpywareGuard\sgbhp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\calc.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Julie\Desktop\Security\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [<NO NAME>] mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-10 689472] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-10 2320920] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736] . =============== Created Last 30 ================ . 2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI 2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia 2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll 2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll 2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll 2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll 2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll 2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games 2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache 2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google 2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll . ==================== Find3M ==================== . 2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys 2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll 2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll 2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll 2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll 2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll 2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll 2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll 2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll 2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll 2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll 2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec 2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 19:37:06.94 ===============
- March 11, 2011
- 12 replies
Need help removing malware

jmwcrna replied to jmwcrna's topic in Resolved Malware Removal Logs

I know it installed with Freecorder because it was the only thing I had downloaded and then suddenly there were these annoying pop-ups. Then I googled it and lots of people had the same thing happen, but had a hard time uninstalling everything. This is my new DDS log: . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Julie at 21:58:39.42 on Wed 03/09/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.251 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\SpywareGuard\sgmain.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\SpywareGuard\sgbhp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Julie\Desktop\Security\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [<NO NAME>] mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-10 689472] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-10 2320920] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-10 136176] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736] . =============== Created Last 30 ================ . 2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI 2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia 2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll 2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll 2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll 2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll 2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll 2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games 2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache 2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google 2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll . ==================== Find3M ==================== . 2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys 2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll 2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll 2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll 2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll 2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll 2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll 2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll 2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll 2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll 2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll 2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec 2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 21:59:27.19 ===============
- March 10, 2011
- 12 replies
Need help removing malware

jmwcrna posted a topic in Resolved Malware Removal Logs

I downloaded Freecorder 4, not realizing it also downloaded price gong malware with it. I would like help in removing both from my laptop, so hopefully it can be done right the first time. I have attached or pasted the requested logs/files. Thanks for your help in advance! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6001 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 3/9/2011 10:54:04 AM mbam-log-2011-03-09 (10-54-04).txt Scan type: Quick scan Objects scanned: 178381 Time elapsed: 7 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Julie at 11:12:02.03 on Wed 03/09/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.875 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Windows\system32\taskhost.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\SpywareGuard\sgmain.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\SpywareGuard\sgbhp.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Freecorder\FLVSrvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Julie\Desktop\Security\dds.scr C:\Windows\system32\conhost.exe C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll mWinlogon: Userinit=userinit.exe, BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [<NO NAME>] mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-10 136176] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528] . =============== Created Last 30 ================ . 2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI 2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia 2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll 2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll 2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll 2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll 2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll 2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games 2011-02-13 00:27:36 -------- d-----w- C:\Program Files (x86)\bfgclient 2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache 2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google 2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll . ==================== Find3M ==================== . 2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys 2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll 2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll 2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll 2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll 2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll 2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll 2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll 2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll 2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll 2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll 2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec 2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 11:14:02.68 =============== Attach.zip ark.zip
- March 9, 2011
- 1 reply
Need help removing malware

jmwcrna posted a topic in Resolved Malware Removal Logs

I downloaded Freecorder 4, not realizing it also downloaded price gong malware with it. I would like help in removing both from my laptop, so hopefully it can be done right the first time. I have attached or pasted the requested logs/files. Thanks for your help in advance! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6001 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 3/9/2011 10:54:04 AM mbam-log-2011-03-09 (10-54-04).txt Scan type: Quick scan Objects scanned: 178381 Time elapsed: 7 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Julie at 11:12:02.03 on Wed 03/09/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.875 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Windows\system32\taskhost.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\SpywareGuard\sgmain.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\SpywareGuard\sgbhp.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Freecorder\FLVSrvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Julie\Desktop\Security\dds.scr C:\Windows\system32\conhost.exe C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll mWinlogon: Userinit=userinit.exe, BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [<NO NAME>] mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-10 136176] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528] . =============== Created Last 30 ================ . 2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI 2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia 2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll 2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll 2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll 2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll 2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll 2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games 2011-02-13 00:27:36 -------- d-----w- C:\Program Files (x86)\bfgclient 2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache 2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google 2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll . ==================== Find3M ==================== . 2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll 2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll 2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys 2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll 2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll 2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll 2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll 2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll 2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll 2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll 2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll 2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll 2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll 2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll 2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll 2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll 2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll 2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll 2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll 2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec 2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 11:14:02.68 =============== ark.zipAttach.zip
- March 9, 2011
- 12 replies

Sign In

jmwcrna

Posts

Joined

Last visited

Reputation

Unable to remove yontoo and norton security scan

Need help removing malware

Need help removing malware

Need help removing malware

Need help removing malware

Need help removing malware

Need help removing malware

Need help removing malware

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information