stevo1963 Posted July 10, 2012 ID:568990 Share Posted July 10, 2012 About a week ago my anti virus intercepted a virus and removed it but since then my googe searches have been redirecting. I've tried several spybot removal programs with no success. I've also tried to remove it manually based on information I've found online. I was hoping I could get some assistance on removing this most annoying malware. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:569013 Share Posted July 10, 2012 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
stevo1963 Posted July 10, 2012 Author ID:569033 Share Posted July 10, 2012 it appears my txt file did no post for some reason i will scan again and post again. sorry for the delay Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:569040 Share Posted July 10, 2012 No problem. Thanks for the update. Link to post Share on other sites More sharing options...
stevo1963 Posted July 10, 2012 Author ID:569056 Share Posted July 10, 2012 Here is a copy of the log from mbMalwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.07.10.12Windows 7 Service Pack 1 x86 NTFSInternet Explorer 9.0.8112.16421Steven :: WINDOWS7-PRO [administrator]7/10/2012 1:30:40 PMmbam-log-2012-07-10 (13-30-40).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 231055Time elapsed: 7 minute(s),Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
stevo1963 Posted July 10, 2012 Author ID:569057 Share Posted July 10, 2012 Here is a copy of the dds txt file..DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 9.0.8112.16421Run by Steven at 13:41:55 on 2012-07-10Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1543 [GMT -7:00].AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}.============== Running Processes ===============.C:\PROGRA~1\AVG\AVG2012\avgrsx.exeC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exeC:\Program Files\AVG\AVG2012\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exeC:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeC:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exeC:\Program Files\PC Tools Security\pctsAuxs.exeC:\Program Files\PC Tools Security\pctsSvc.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exeC:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXEC:\Program Files\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\AVG\AVG2012\AVGIDSAgent.exeC:\Program Files\AVG\AVG2012\avgnsx.exeC:\Program Files\AVG\AVG2012\avgemcx.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\PC Tools Security\pctsGui.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\AVG\AVG2012\avgtray.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exeC:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exeC:\Program Files\Garmin\Training Center\gStart.exeC:\Program Files\RepairSolutions\RepairSolutions.exeC:\Users\Steven\AppData\Local\Akamai\netsession_win.exeC:\Program Files\Common Files\Apple\Internet Services\ubd.exeC:\Windows\System32\rundll32.exeC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Users\Steven\AppData\Local\Akamai\netsession_win.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\PIXELA\VideoBrowser\CameraMonitor.exeC:\Windows\system32\conhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exeC:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exeC:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\notepad.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\NOTEPAD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreserveuInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dlluRun: [AdobeBridge]uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [gStart] c:\program files\garmin\training center\gStart.exeuRun: [RepairSolutions] "c:\program files\repairsolutions\RepairSolutions.exe"uRun: [Akamai NetSession Interface] "c:\users\steven\appdata\local\akamai\netsession_win.exe"uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exeuRun: [Adobe] rundll32.exe "c:\users\steven\appdata\local\akamai\adobe\xjqvus.dll",CreateInstancemRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exemRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbyloginmRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXEmRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10mRun: [DT HWP] c:\program files\common files\portrait displays\shared\DT_startup.exe -HWPmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exemRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUIStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\drobod~1.lnk - c:\program files\drobo\drobo dashboard\DroboDashboard.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videob~1.lnk - c:\program files\pixela\videobrowser\CameraMonitor.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllLSP: c:\program files\common files\pc tools\lsp\PCTLsp.dllTrusted Zone: intuit.com\ttlcDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{1C5902D1-D606-4228-8FE4-AE5735AC3573} : DhcpNameServer = 192.168.1.1Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-7-9 331880]R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-7-9 342168]R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-7-9 909728]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-9 185560]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-5 176128]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]R2 DDService;Drobo Dashboard Service;c:\program files\drobo\drobo dashboard\support\DDService.exe [2011-4-15 749568]R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-5-9 113264]R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-9 1153368]R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-7-9 402336]R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-7-9 1117624]R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-10 40776]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-11-12 19456]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-4 1343400].=============== Created Last 30 ================.2012-07-10 20:30:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-07-10 18:41:57 -------- d-----w- c:\program files\ESET2012-07-10 08:16:33 -------- d-----w- c:\users\steven\appdata\roaming\Malwarebytes2012-07-10 08:16:21 -------- d-----w- c:\programdata\Malwarebytes2012-07-10 08:16:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-10 08:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-10 06:54:14 -------- d-----w- c:\users\steven\appdata\roaming\GetRightToGo2012-06-21 19:56:14 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-21 19:55:49 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-21 19:55:28 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-21 19:55:28 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-14 02:17:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-06-14 02:17:22 2342400 ----a-w- c:\windows\system32\msi.dll2012-06-14 02:17:19 2343936 ----a-w- c:\windows\system32\win32k.sys2012-06-14 02:17:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-06-14 02:17:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll2012-06-14 02:17:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-06-14 02:17:10 164352 ----a-w- c:\windows\system32\profsvc.dll2012-06-14 02:17:05 140288 ----a-w- c:\windows\system32\cryptsvc.dll2012-06-14 02:17:05 1158656 ----a-w- c:\windows\system32\crypt32.dll2012-06-14 02:17:05 103936 ----a-w- c:\windows\system32\cryptnet.dll2012-06-13 07:05:34 -------- d-----w- c:\program files\iTunes2012-06-13 07:05:34 -------- d-----w- c:\program files\iPod2012-06-13 01:49:46 -------- d-----w- c:\users\steven\appdata\local\AVG Secure Search.==================== Find3M ====================.2012-06-23 11:34:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-23 11:34:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts.============= FINISH: 13:43:02.09 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 11, 2012 Staff ID:569164 Share Posted July 11, 2012 Hi,I notice that you are using more than one antivirus program (PC Tools and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.Please visit this webpage for instructions for running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
stevo1963 Posted July 11, 2012 Author ID:569226 Share Posted July 11, 2012 Here is the combofix.txt fileComboFix 12-07-10.01 - Steven 07/10/2012 22:36:41.1.2 - x86Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1947 [GMT -7:00]Running from: c:\users\Steven\Downloads\ComboFix.exeAV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\users\Steven\AppData\Local\Akamai\Adobe\xjqvus.dllc:\users\Steven\GoToAssistDownloadHelper.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_DDService..((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))..2012-07-11 06:00 . 2012-07-11 06:08 -------- d-----w- c:\users\Steven\AppData\Local\temp2012-07-11 06:00 . 2012-07-11 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-10 18:41 . 2012-07-10 18:41 -------- d-----w- c:\program files\ESET2012-07-10 08:16 . 2012-07-10 08:16 -------- d-----w- c:\users\Steven\AppData\Roaming\Malwarebytes2012-07-10 08:16 . 2012-07-10 08:16 -------- d-----w- c:\programdata\Malwarebytes2012-07-10 08:16 . 2012-07-10 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-10 08:16 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-10 06:54 . 2012-07-10 06:55 -------- d-----w- c:\users\Steven\AppData\Roaming\GetRightToGo2012-06-21 19:56 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-21 19:56 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-21 19:56 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-21 19:56 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-21 19:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll2012-06-21 19:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-21 19:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-21 19:55 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-21 19:55 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-14 02:17 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-06-14 02:17 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll2012-06-14 02:17 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys2012-06-14 02:17 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll2012-06-14 02:17 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-06-14 02:17 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-06-14 02:17 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll2012-06-14 02:17 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll2012-06-14 02:17 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll2012-06-14 02:17 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll2012-06-13 07:05 . 2012-06-13 07:06 -------- d-----w- c:\program files\iTunes2012-06-13 07:05 . 2012-06-13 07:05 -------- d-----w- c:\program files\iPod2012-06-13 01:49 . 2012-06-13 01:49 -------- d-----w- c:\users\Steven\AppData\Local\AVG Secure Search...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-23 11:34 . 2012-04-12 04:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-23 11:34 . 2011-06-02 12:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-04-19 11:50 . 2012-04-19 11:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2012-07-09 16:53 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"gStart"="c:\program files\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]"RepairSolutions"="c:\program files\RepairSolutions\RepairSolutions.exe" [2009-04-29 4688896]"Akamai NetSession Interface"="c:\users\Steven\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-06 336384]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]"DT HWP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-03-02 121456]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]Drobo Dashboard.lnk - c:\program files\Drobo\Drobo Dashboard\DroboDashboard.exe [2011-4-15 5492736]VideoBrowser Camera Monitor.lnk - c:\program files\PIXELA\VideoBrowser\CameraMonitor.exe [2011-12-22 636272].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart.R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper.Contents of the 'Scheduled Tasks' folder.2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:34]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>Trusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 192.168.1.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll.- - - - ORPHANS REMOVED - - - -.WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)HKCU-Run-AdobeBridge - (no file)HKCU-Run-Adobe - c:\users\Steven\AppData\Local\Akamai\Adobe\xjqvus.dll...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'Explorer.exe'(4332)c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll.------------------------ Other Running Processes ------------------------.c:\progra~1\AVG\AVG2012\avgrsx.exec:\program files\AVG\AVG2012\avgcsrvx.exec:\windows\system32\atieclxx.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exec:\program files\LeapFrog\LeapFrog Connect\CommandService.exec:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXEc:\program files\AVG\AVG2012\avgnsx.exec:\program files\AVG\AVG2012\avgemcx.exec:\windows\system32\WUDFHost.exec:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\Windows Media Player\wmpnetwk.exec:\windows\system32\taskhost.exec:\windows\system32\conhost.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exec:\program files\Portrait Displays\HP Display Assistant\DTHtml.exec:\program files\Common Files\Portrait Displays\Shared\HookManager.exec:\program files\Common Files\Apple\Apple Application Support\distnoted.exec:\windows\system32\conhost.exec:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe.**************************************************************************.Completion time: 2012-07-10 23:13:12 - machine was rebootedComboFix-quarantined-files.txt 2012-07-11 06:13.Pre-Run: 760,838,275,072 bytes freePost-Run: 760,230,924,288 bytes free.- - End Of File - - A0BB0D605834CAF371D706BBB75B6BAA Link to post Share on other sites More sharing options...
stevo1963 Posted July 11, 2012 Author ID:569227 Share Posted July 11, 2012 Here is the newest dds.txt file..DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 9.0.8112.16421Run by Steven at 23:30:19 on 2012-07-10Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1839 [GMT -7:00].AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\PROGRA~1\AVG\AVG2012\avgrsx.exeC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exeC:\Program Files\AVG\AVG2012\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeC:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exeC:\Program Files\AVG\AVG2012\AVGIDSAgent.exeC:\Program Files\Spybot - Search & Destroy\SDWinSec.exeC:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXEC:\Program Files\AVG\AVG2012\avgnsx.exeC:\Program Files\AVG\AVG2012\avgemcx.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files\AVG\AVG2012\avgtray.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exeC:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Garmin\Training Center\gStart.exeC:\Program Files\RepairSolutions\RepairSolutions.exeC:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exeC:\Program Files\Common Files\Apple\Internet Services\ubd.exeC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Windows\system32\conhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exeC:\Windows\Explorer.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\REGSVR32.exeC:\Windows\system32\conhost.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dllEB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dlluRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [gStart] c:\program files\garmin\training center\gStart.exeuRun: [RepairSolutions] "c:\program files\repairsolutions\RepairSolutions.exe"uRun: [Akamai NetSession Interface] "c:\users\steven\appdata\local\akamai\netsession_win.exe"uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exemRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exemRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbyloginmRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXEmRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10mRun: [DT HWP] c:\program files\common files\portrait displays\shared\DT_startup.exe -HWPmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [uSBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exemRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\drobod~1.lnk - c:\program files\drobo\drobo dashboard\DroboDashboard.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videob~1.lnk - c:\program files\pixela\videobrowser\CameraMonitor.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllTrusted Zone: intuit.com\ttlcDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{1C5902D1-D606-4228-8FE4-AE5735AC3573} : DhcpNameServer = 192.168.1.1Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-5 176128]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-5-9 113264]R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-9 1153368]R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-11-12 19456]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-4 1343400].=============== Created Last 30 ================.2012-07-11 06:11:52 -------- d-sh--w- C:\$RECYCLE.BIN2012-07-11 06:00:28 -------- d-----w- c:\users\steven\appdata\local\temp2012-07-11 05:32:32 98816 ----a-w- c:\windows\sed.exe2012-07-11 05:32:32 518144 ----a-w- c:\windows\SWREG.exe2012-07-11 05:32:32 256000 ----a-w- c:\windows\PEV.exe2012-07-11 05:32:32 208896 ----a-w- c:\windows\MBR.exe2012-07-10 18:41:57 -------- d-----w- c:\program files\ESET2012-07-10 08:16:33 -------- d-----w- c:\users\steven\appdata\roaming\Malwarebytes2012-07-10 08:16:21 -------- d-----w- c:\programdata\Malwarebytes2012-07-10 08:16:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-10 08:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-10 06:54:14 -------- d-----w- c:\users\steven\appdata\roaming\GetRightToGo2012-06-21 19:56:14 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-21 19:55:49 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-21 19:55:28 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-21 19:55:28 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-14 02:17:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-06-14 02:17:22 2342400 ----a-w- c:\windows\system32\msi.dll2012-06-14 02:17:19 2343936 ----a-w- c:\windows\system32\win32k.sys2012-06-14 02:17:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-06-14 02:17:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll2012-06-14 02:17:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-06-14 02:17:10 164352 ----a-w- c:\windows\system32\profsvc.dll2012-06-14 02:17:05 140288 ----a-w- c:\windows\system32\cryptsvc.dll2012-06-14 02:17:05 1158656 ----a-w- c:\windows\system32\crypt32.dll2012-06-14 02:17:05 103936 ----a-w- c:\windows\system32\cryptnet.dll2012-06-13 07:05:34 -------- d-----w- c:\program files\iTunes2012-06-13 07:05:34 -------- d-----w- c:\program files\iPod2012-06-13 01:49:46 -------- d-----w- c:\users\steven\appdata\local\AVG Secure Search.==================== Find3M ====================.2012-06-23 11:34:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-23 11:34:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts.============= FINISH: 23:30:53.57 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 11, 2012 Staff ID:569358 Share Posted July 11, 2012 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
stevo1963 Posted July 11, 2012 Author ID:569410 Share Posted July 11, 2012 Currently running the ESET scan. Looks like it's going to be about another hour but will post results as soon as they are available. I ran the ESET scan a couple of days ago and it did find a couple of items and removed them but I'm still having some redirect issues. But we will proceed in the order that you have recommended and am trying not to use the google search engine until we can hopefuly resolve this issue. Your assistance is most appreciated by the way. This is just an update. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 11, 2012 Staff ID:569449 Share Posted July 11, 2012 Thanks for the update. Where are you getting redirected to? Link to post Share on other sites More sharing options...
stevo1963 Posted July 11, 2012 Author ID:569511 Share Posted July 11, 2012 here is the txt file from ESET: ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OKesets_scanner_update returned -1 esets_gle=53251it seems to be a very generic looking page related to the search that I typed into the google search engine. ESET found another item and removed it. I'll move on to the next step in your process list. Thanks again. Link to post Share on other sites More sharing options...
stevo1963 Posted July 11, 2012 Author ID:569513 Share Posted July 11, 2012 Here is the txt file from the security check: Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 31 Java version out of Date! Adobe Flash Player 11.3.300.262 Adobe Reader X (10.1.3)````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
stevo1963 Posted July 12, 2012 Author ID:570003 Share Posted July 12, 2012 bump Link to post Share on other sites More sharing options...
Staff screen317 Posted July 14, 2012 Staff ID:570512 Share Posted July 14, 2012 Hi,Bumping puts you at the bottom of my reply list.Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):Spybot (if you don't update and use it)Java™ 6 Update 31Restart your computer.Get the latest version of Java, Adobe Reader, and Adobe Flash Player.Let me know what issues remain.Are you still getting redirected?? If so, to where and on which browsers? Link to post Share on other sites More sharing options...
Staff screen317 Posted July 19, 2012 Staff ID:573129 Share Posted July 19, 2012 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 26, 2012 Staff ID:576733 Share Posted July 26, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts