Jump to content

av protection 2011

steve247

By steve247
in Resolved Malware Removal Logs

 Share

Recommended Posts

steve247

steve247

Posted
Posted

I know i should have come here first.

I got infected with av protection 2011

I ran malwarebytes and it acted like it got rid of the virus.

rebooted and my keyboard and mouse did not work.

So I ran combo fix. It said it removed more of the virus. My keyboard and mouse still do not work.

In the past the above 2 have taken care of all my issues.

I am going to attach the malewarebytes text, combofix text and the other two text file the forum asked for.

thanks for your help in advance

steve

Hi there,

I'd been out of town with my laptop recently and came home today and all was fine, but then out of the blue while trying to get to yahoo mail with Google Chrome browser, I noticed it was trying to redirect me to mydomainadvisor.com. I tried to go to google.com and the same thing happened. Then I went into panic mode. I updated and ran Spybot Search and Destroy and it didn't find anything. I read some old threads about what mydomainadvisor.com does and I'm even more in a panic now. I ran CCleaner (free version that may be outdated) and deleted temporary files (this may have been a huge mistake). I downloaded Hijack this, tried to run it and it complained about it not being allowed access to the hosts file. I'm now wondering if I needed to be sure I ran it as admin. Hijack this did not seem to create a log file for me to look at. It just launched a blank file within notepad. I found this site and followed the instructions as though I am infected as I believe I am, though nothing has found it yet. Ie I downloaded the free version of Malware Bytes Anti Malware and ran a quick scan that found nothing. Then I installed DDS.SCR and ran that and the logs are pasted/attached here as per directions. The sooner someone can look at this, the better off I am. I need full use of my computer to correspond with loved ones overseas and right now I am afraid to get into anything. I don't know how I even got this thing as I'm very careful. Any help would be immensely appreciated!

Thank you!!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Debbie at 1:28:13 on 2011-11-23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1771.315 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

C:\Windows\system32\HPSIsvc.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Pidgin\pidgin.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

TCP: DhcpNameServer = 192.168.1.1 192.168.0.1

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233} : DhcpNameServer = 192.168.1.1 192.168.0.1

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233}\2456C6B696E6F574F575962756C6563737F5334423145333 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233}\255747F50516373707F62747 : DhcpNameServer = 68.87.71.226 68.87.73.242

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233}\5636F6E6F6C6F646765623 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233}\76575637476756C6F636964797 : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{96B5BEC6-B531-4F98-8BCC-8FE732EA3233}\E4F4759425A5 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO-X64: Ad-Aware Security Toolbar - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun-x64: [(Default)]

mRun-x64: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\lihmm6p2.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Debbie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-9 44768]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-9 311376]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-2 868224]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]

R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-30 17152]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2011-11-23 06:18:20 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Malwarebytes

2011-11-23 06:18:01 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-23 06:17:54 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-23 06:17:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-23 05:56:13 388096 ----a-r- C:\Users\Debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-23 05:56:13 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-23 03:09:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F022F117-2DD2-4292-A098-D778A19E7BB8}\offreg.dll

2011-11-23 03:09:07 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F022F117-2DD2-4292-A098-D778A19E7BB8}\mpengine.dll

2011-11-15 01:26:13 -------- d-----w- C:\Users\Debbie\AppData\Local\{C55F401B-8A7C-416C-B390-1F8A18C76C9E}

2011-11-15 01:26:00 -------- d-----w- C:\Users\Debbie\AppData\Local\{0B3F8B5B-4003-4523-AFA7-C395DCEF7EF9}

2011-11-10 04:35:24 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-10 04:35:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-10 04:35:22 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-10 04:35:18 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 04:42:44 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2011-11-09 04:42:44 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_HPZPPWN7.DLL

2011-11-08 15:40:36 -------- d-----w- C:\Users\Debbie\AppData\Local\{7616F552-3830-415F-ABC2-6641598D42D4}

2011-11-08 15:40:21 -------- d-----w- C:\Users\Debbie\AppData\Local\{98473672-5768-4499-AD68-73CC18B11CC7}

2011-11-08 15:14:21 -------- d-----w- C:\Users\Debbie\AppData\Local\adaware

2011-11-08 15:14:15 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2011-11-08 15:14:09 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2011-11-08 15:13:57 -------- d-----w- C:\Program Files (x86)\adawaretb

2011-11-07 02:28:09 -------- d-----w- C:\Users\Debbie\AppData\Local\{4598DDA9-7A3B-46D0-A386-42167BE49029}

2011-11-07 02:27:56 -------- d-----w- C:\Users\Debbie\AppData\Local\{71DEA228-416E-497E-83CE-AE8B266518AE}

2011-10-25 23:53:01 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-25 23:52:59 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

.

==================== Find3M ====================

.

2011-11-03 17:06:56 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-10-14 09:15:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 1:31:59.86 ===============

Forgot to include my Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8222

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/23/2011 1:25:36 AM

mbam-log-2011-11-23 (01-25-36).txt

Scan type: Quick scan

Objects scanned: 175011

Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.txt

DDS.txt

ComboFix.txt

mbam-log-2011-11-22 (15-24-23).txt

Attach.zip

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept