Am I infected?


Noobiew

Hi, I am new here and am wondering if my laptop is infected.

I visited a site and clicked on a graphic, but an advertising site appeared instead. I closed the tab, but more tabs with the same advertisement appeared. I panicked and kept pressing Ctrl + W until only my bookmark tab was left, and everything seems fine for the moment.

Could anyone tell me what actually happened and am I in any danger of being infected?


Hello and welcome,

Can you run DDS and copy/paste the two logs into your next reply:

Download and save DDS to your Desktop from either of the following links:

http://download.blee...m/sUBs/dds.scr

http://compendiate.n...Bs/dds/dds.scr

Double click DDS to run the scan, Vista or Windows 7 user accept UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Thank you,

Kevin


Hi, sorry for the wait.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455

Run by user at 21:22:13 on 2012-11-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2407 [GMT 8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\WordWeb\wweb32.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\windows\system32\taskeng.exe

C:\windows\System32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://lenovo.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{93BAA0D2-69A5-47D1-B4AE-9E3B418420E2} : DHCPNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://lenovo.msn.com

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup

x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ftoxbh11.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://gateway.2wire.net/index.asp

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

.

============= SERVICES / DRIVERS ===============

.

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-1-12 39008]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-28 984144]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-7-28 370288]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-7-28 25232]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-28 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-6 44808]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-12 13336]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-12 2320920]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-1-12 28176]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-1-12 167816]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-1-12 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-1-12 158976]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-1-12 347680]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2011-1-12 229456]

R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2011-1-12 11280]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2011-1-12 79376]

S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2011-1-12 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-1-12 35104]

S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-11 270848]

S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2011-1-12 509192]

S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2011-1-12 579400]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-1-12 242720]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-4-15 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-15 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-11-27 13:32:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{254A5585-408B-4C2E-AA3A-44D80E612231}\mpengine.dll

2012-11-14 01:39:08 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 01:39:07 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-14 01:39:07 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-14 01:39:07 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-14 01:30:56 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-14 01:29:54 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-14 01:29:44 95744 ----a-w- C:\windows\System32\synceng.dll

2012-11-14 01:29:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-11-12 11:49:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 11:49:02 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-10-30 22:51:55 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-10-30 22:51:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-10-30 22:51:07 41224 ----a-w- C:\windows\avastSS.scr

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-15 15:59:28 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-09-29 11:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 21:22:37.29 ===============


Don't worry about reply times, we all have busy lives. OK, you have only posted one log from DDS. Attach.txt is missing, can you post that please. Also do this:

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Please download Malwarebytes Anti-Malware and save it to your desktop.

Alternative D/L mirror

Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those logs please,

Kevin...


I am sort of confused by your reply. Sorry, but I am a bit worried: is my computer in such danger that it needs AdwCleaner installed to be cleaned? I already have Malwarebytes installed and I scanned with it yesterday and it found nothing. Below is the attached.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/14/2011 5:58:08 PM

System Uptime: 11/28/2012 9:03:25 PM (0 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 2373/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 552 GiB total, 364.056 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 1.229 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

Device ID: USB\VID_0489&PID_E00D\889FFADAA919

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

PNP Device ID: USB\VID_0489&PID_E00D\889FFADAA919

Service: BTHUSB

.

==== System Restore Points ===================

.

RP236: 11/2/2012 8:50:29 PM - Windows Update

RP237: 11/4/2012 8:10:43 PM - Windows Backup

RP238: 11/6/2012 11:24:30 PM - Windows Update

RP239: 11/11/2012 11:06:54 PM - Windows Backup

RP240: 11/14/2012 9:30:21 AM - Windows Update

RP241: 11/17/2012 6:04:26 PM - Windows Update

RP242: 11/18/2012 7:00:21 PM - Windows Backup

RP243: 11/23/2012 7:42:33 PM - Windows Update

RP244: 11/25/2012 7:00:22 PM - Windows Backup

RP245: 11/27/2012 9:32:17 PM - Windows Update

RP246: 11/28/2012 7:11:13 PM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.4.5 - CPSID_83708

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader XI

avast! Free Antivirus

Combined Community Codec Pack 2010-10-10

Conexant HD Audio

Creative Centrale

Creative Software Update

Creative ZEN X-Fi Style Documentation

CyberLink YouCam

D3DX10

Energy Management

ETDWare PS/2-x64 7.0.4.18_WHQL

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Junk Mail filter update

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo DirectShare

Lenovo EasyCamera

Lenovo OneKey Recovery

Lenovo ReadyComm 5

Lenovo ReadyComm 5.0 Service

Lenovo_Wireless_Driver

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mozilla Firefox 17.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NVIDIA Drivers

Onekey Theater

PDF Settings CS5

Power2Go

Real Alternative 1.9.0

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.1.10

Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (64-bit)

WordWeb

.

==== Event Viewer Messages From Past Week ========

.

11/28/2012 9:06:32 PM, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.

11/22/2012 1:12:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================


Your initial post indicated possible browser hijacking whilst online. I gave a reply that offers a systematic approach, basically a diagnostic scan that will give an idea of what is installed. As there was nothing obviously malicious in the primary log DDS.txt, I decided to use what I believe are the best tools to progress.

AdwCleaner is a program that searches for and deletes adware, suspicious toolbars, Potentially Unwanted Programs (PUP), and also certain types of browser hijackers from your computer. AdwCleaner has the ability to enhance your browsing experience and make your PC safer.

The types of programs that AdwCleaner targets are typically bundled with free extras that you may have downloaded from the web. In many cases when you download and install a program, the install will state that certain extras may be included. Unless you perform a Custom install, these unwanted extras will automatically be installed on your computer leaving you with extra browser toolbars, adware, and other unwanted additions. AdwCleaner is designed to search for and remove these typically unwanted additions.

Regarding Malwarebytes and my offer of the installation instruction, I did not know you had it installed, nor did I know you had actually run it. As Attach.txt was missing I offered a full instruction.

Why have you given the following response in block capitals in the last reply;

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

If you would care to read my reply in post#2 you will see the following:

Can you run DDS and copy/paste the two logs into your next reply:

Download and save DDS to your Desktop from either of the following links:

http://download.blee...m/sUBs/dds.scr

http://compendiate.n...Bs/dds/dds.scr

Double click DDS to run the scan, Vista or Windows 7 user accept UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Thank you,

If you do not wish to continue with my help please say so and we can close out this thread.....

Thank you,

Kevin..
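
A first-pass read of DDS.txt along the lines described in the post above, as an added example that is not part of the original thread and is not how DDS or the helper works: it pulls the autostart and browser add-on lines out of a DDS log and sorts them by whether the file sits under an install root that needs admin rights to write. The location heuristic, the `EXPECTED_ROOTS` list, the function names and the single constructed sample line are assumptions; the other sample lines are copied from the log posted earlier.

```python
import re

# Entry kinds from the "Pseudo HJT Report" section of DDS.txt that load code
# at logon or into the browser (prefixes as they appear in the posted log).
ENTRY = re.compile(
    r'^(?:x64-)?(uRun|mRun|Run|BHO|TB|StartupFolder|Handler|SSODL):\s*(.*)$')
# First drive-letter path that ends in an executable-type extension.
PATH = re.compile(
    r'([A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?![A-Za-z0-9])',
    re.IGNORECASE)
# Assumption: C: is the system drive and these roots need admin rights to write.
EXPECTED_ROOTS = ('c:\\program files\\', 'c:\\program files (x86)\\',
                  'c:\\windows\\')

# Copied from the DDS.txt posted in this thread.
PAGE_LINES = [
    r'uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup',
    r'mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    r'BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - '
    r'C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll',
    r'x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup',
    r'x64-SSODL: WebCheck - <orphaned>',
    r'TCP: NameServer = 192.168.1.254',
]
# Constructed line (not from the thread): autostart from a user-writable folder.
CONSTRUCTED_LINES = [
    r'mRun: [example] C:\Users\user\AppData\Roaming\example\example.exe',
]


def triage_line(line):
    """Return (kind, name, path, verdict) for an autostart line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # not an autostart/add-on entry (e.g. the TCP line)
    kind, rest = m.groups()
    if kind.endswith('Run'):
        # Layout: uRun: [name] command line
        nm = re.match(r'\[([^\]]*)\]\s*(.*)', rest)
        name, target = (nm.group(1), nm.group(2)) if nm else ('', rest)
    else:
        # Layout: BHO: name: {CLSID} - path   or   SSODL: name - <orphaned>
        head, _, target = rest.rpartition(' - ')
        name = re.split(r'\s*[:-]\s*\{', head)[0].strip()
    if '<orphaned>' in target:
        return kind, name, None, 'orphaned'
    found = PATH.search(target)
    if not found:
        return kind, name, None, 'no-path'
    path = found.group(1)
    in_expected_root = path.lower().startswith(EXPECTED_ROOTS)
    verdict = 'expected-location' if in_expected_root else 'review'
    return kind, name, path, verdict


def triage(lines):
    """Triage every line, dropping lines that are not autostart entries."""
    return [row for row in map(triage_line, lines) if row is not None]


if __name__ == '__main__':
    for kind, name, path, verdict in triage(PAGE_LINES + CONSTRUCTED_LINES):
        print(f'{verdict:18} {kind:6} {name:14} {path}')
```

A `review` verdict only means the entry deserves a closer look by a person; a file under `Program Files` is not proven clean by its location either.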


I am so sorry, I did not mean to offend you. I wasn't the one who capitalized it; in the attach.txt it was all in caps and I just copied the whole thing in. I do appreciate your help very much, and all those questions are because I wanted to understand for future use if I encounter the same thing.


These are my last questions. Do most viruses, malware, etc. destroy data and documents, or do only viruses destroy or alter data and files? Does malware infect computers through USB plug-in devices? How do I know whether my USB devices have been infected by anything?

I believe you can close the thread after these.

Thank you very much for your patience all these days.


Here is a good read for you regarding "What is a Virus" - http://www.microsoft.com/en-gb/security/pc-security/virus-whatis.aspx

Here is a good read for you regarding "What is Malware" - http://en.wikipedia.org/wiki/Malware

Regarding USB sticks: usually yes, they can transfer malware, specifically if you are transferring downloaded software or files gained through P2P sites. It is also very possible to transfer the likes of Virut, which is very aggressive, and other types of viruses...

Here is a typical application that can protect you when using USB sticks; it will neutralize the auto run feature so viruses cannot run...

The usb vaccination performed by this program will permanently disable any autorun.inf functionality of your usb stick. After the vaccination you will be able to use the usb stick normally and files (even malware) can be copied to/from it, however they will be prevented from executing automatically. This vaccination can only be reversed with a reformat of the usb stick.

Download and save Panda USB Vaccine from >>>Here<<<

  • Double click the file USBVaccineSetup.exe to start the installation.
  • During setup uncheck the option to Run Panda USB Vaccine automatically when computer boots.
  • Start Panda USB Vaccine.
  • Insert your USB stick, choose the correct drive letter (i.e. "F:\") and click Vaccinate USB.
  • When it's finished, close the program.
  • You can delete the downloaded USBVaccineSetup.exe when you're done if you wish.

There are other versions but that one will work with Windows 7..

Kevin.
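
A way to look at the two things the post above turns on, the AutoRun policy and what an `autorun.inf` would launch, as an added example that is not part of the original thread and is unrelated to how Panda USB Vaccine works internally. It decodes the `NoDriveTypeAutoRun = dword:145` value from the DDS log posted earlier and lists the launch commands in an `autorun.inf`; the function names, the assumption that DDS prints the dword in decimal, and the sample `autorun.inf` (constructed) are assumptions.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that
# drive type.
DRIVE_TYPE_BITS = [
    (0x01, 'unknown'), (0x02, 'no-root-dir'), (0x04, 'removable'),
    (0x08, 'fixed'), (0x10, 'network'), (0x20, 'cdrom'),
    (0x40, 'ramdisk'), (0x80, 'reserved'),
]
REMOVABLE_BIT = 0x04

# Copied from the DDS.txt posted in this thread.
PAGE_POLICY_LINE = 'mPolicies-Explorer: NoDriveTypeAutoRun = dword:145'

# Constructed sample of an autorun.inf found in the root of a USB stick.
SAMPLE_AUTORUN_INF = r'''
; constructed sample, not from the thread
[AutoRun]
open=setup.exe
icon=setup.exe,0
shell\open\command=setup.exe /s
label=My Drive
'''


def parse_dds_policy(line):
    """Read 'NoDriveTypeAutoRun = dword:N' from a DDS line.

    Assumption: DDS prints N in decimal (145 == 0x91).
    """
    m = re.search(r'NoDriveTypeAutoRun\s*=\s*dword:(\d+)', line)
    return int(m.group(1)) if m else None


def autorun_disabled_for(policy_value):
    """Names of the drive types whose bit is set in the policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS if policy_value & bit]


def launch_entries(autorun_inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, in_section = [], False
    for raw in autorun_inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        if line.startswith('['):
            in_section = line.lower().startswith('[autorun]')
            continue
        if not in_section or '=' not in line:
            continue
        key, _, value = line.partition('=')
        key = key.strip().lower()
        is_verb = key.startswith('shell\\') and key.endswith('\\command')
        if key in ('open', 'shellexecute') or is_verb:
            entries.append((key, value.strip()))
    return entries


def usb_autorun_report(dds_policy_line, autorun_inf_text):
    """Combine the policy bit for removable drives with the file's commands."""
    value = parse_dds_policy(dds_policy_line)
    return {
        'policy_value': value,
        'disabled_for': [] if value is None else autorun_disabled_for(value),
        'policy_covers_removable': bool(value is not None
                                        and value & REMOVABLE_BIT),
        'launch_entries': launch_entries(autorun_inf_text),
    }


if __name__ == '__main__':
    report = usb_autorun_report(PAGE_POLICY_LINE, SAMPLE_AUTORUN_INF)
    for field, result in report.items():
        print(f'{field}: {result}')
```

The report covers the policy bit and the file contents only; an `autorun.inf` on a stick that you did not put there is worth a scan of the stick whatever the policy value says.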


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.