
Looks like I'm Infected!



Hi,

I have a Windows 7 laptop from Gateway. Recently got infected and reloaded my operating system. I am suspicious that my recovery disks might even be infected. In any event, I'm infected again. It seems to be related to my browser (IExplorer and Firefox). Browser windows suddenly pop up with ads, sometimes just sound files turn on. MBAM, Spybot, Hijack This and AVG can't fix this problem. Please help!

I will post DDS.txt below, and I will attach the attach.ZIP file, but I was unable to download GMER. If you can give me another link to it, I will gladly download and get that file over too.

Thank you in advance for your help!

Robert

DDS.txt

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by Rob at 21:43:00.63 on Tue 10/19/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2205 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\PayPal Payment Request Wizard\QB US edition\OEHook.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG9\avgtray .exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\taskmgr.exe

C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Rob\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736100995b6l03c0z1h5a4751t295

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736091095b6l03c0z1h5a4751t295

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736091095b6l03c0z1h5a4751t295

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - __BHODemonDisabled

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll__BHODemonDisabled

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll__BHODemonDisabled

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll__BHODemonDisabled

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\PayPal Payment Request Wizard\QB US edition\OEHook.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

AppInit_DLLs-X64: avgrssta.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-21 269904]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-21 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-21 317520]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 203264]

R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-21 921952]

R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-21 308136]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-9-21 844320]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-9-21 292864]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-21 34872]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-9-21 431432]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-9-25 70672]

S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-9-25 173456]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-9-25 173456]

S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-9-25 12688]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-9-25 141840]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-15 216064]

S3 Ser2rs;Radioshack USB to Serial Driver;C:\Windows\System32\drivers\ser2rs64.sys [2010-9-22 90112]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]

=============== Created Last 30 ================

2010-10-20 03:21:34 -------- d-----w- C:\Users\Rob\AppData\Local\Yahoo

2010-10-19 23:24:40 -------- d-----w- C:\Program Files (x86)\Yahoo!

2010-10-19 20:09:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2010-10-19 14:06:06 -------- d-----w- C:\Users\Rob\AppData\Local\ElevatedDiagnostics

2010-10-19 14:00:38 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2010-10-17 15:32:29 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-17 15:32:29 -------- d-----w- C:\Program Files (x86)\Trend Micro

2010-10-17 14:02:33 74760 ----a-w- C:\PROGRA~3\V6883NMx.exe

2010-10-15 20:20:43 -------- d-----w- C:\Program Files (x86)\Citrix

2010-10-15 20:19:42 -------- d-----w- C:\Users\Rob\AppData\Local\Deployment

2010-10-15 20:19:42 -------- d-----w- C:\Users\Rob\AppData\Local\Apps

2010-10-14 22:48:18 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-09 19:08:16 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll

2010-10-09 19:08:13 -------- d-----w- C:\Program Files (x86)\V CAST Music with Rhapsody

2010-10-01 03:01:16 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2010-09-30 16:29:48 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-09-30 16:29:47 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 14:09:41 929844 ----a-w- C:\Windows\SysWow64\MFC42D.DLL

2010-09-29 14:09:41 798773 ----a-w- C:\Windows\SysWow64\MFCO42D.DLL

2010-09-29 14:09:41 385100 ----a-w- C:\Windows\SysWow64\MSVCRTD.DLL

2010-09-29 14:09:39 -------- d-----w- C:\Program Files (x86)\PayPal Payment Request Wizard

2010-09-29 14:09:01 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2010-09-29 14:09:01 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2010-09-29 14:09:01 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2010-09-29 14:09:01 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2010-09-29 14:09:01 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2010-09-29 14:09:00 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2010-09-29 14:09:00 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2010-09-29 13:22:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 13:22:17 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 13:21:56 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 13:21:56 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-28 22:26:50 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sdt1cpc.dll

2010-09-25 14:46:13 -------- d-----w- C:\Users\Rob\AppData\Roaming\Verizon Wireless

2010-09-25 14:45:35 -------- d-----w- C:\PROGRA~3\Verizon Wireless

2010-09-25 14:45:34 -------- d-----w- C:\Program Files (x86)\Verizon Wireless

2010-09-25 14:19:22 70672 ----a-w- C:\Windows\System32\drivers\PTDUBus.sys

2010-09-25 14:19:22 173456 ----a-w- C:\Windows\System32\drivers\PTDUVsp.sys

2010-09-25 14:19:22 173456 ----a-w- C:\Windows\System32\drivers\PTDUMdm.sys

2010-09-25 14:19:22 141840 ----a-w- C:\Windows\System32\drivers\PTDUWWAN.sys

2010-09-25 14:19:22 12688 ----a-w- C:\Windows\System32\drivers\PTDUWFLT.sys

2010-09-25 14:19:21 -------- d-----w- C:\Program Files\PANTECH

2010-09-24 18:03:25 -------- d-----w- C:\Users\Rob\AppData\Local\Adobe

2010-09-24 05:30:27 -------- d-----w- C:\Windows\pss

2010-09-24 05:07:09 100952 ----a-w- C:\Windows\SysWow64\PTDUWmcp.dll

2010-09-24 05:07:09 100952 ----a-w- C:\Windows\System32\PTDUWmcp.dll

2010-09-24 05:07:08 111704 ----a-w- C:\Windows\SysWow64\PTDUWmcp64.dll

2010-09-24 05:07:08 111704 ----a-w- C:\Windows\System32\PTDUWmcp64.dll

2010-09-23 17:11:00 -------- d-----w- C:\Windows\SysWow64\drivers\avg

2010-09-23 17:01:04 -------- d-----w- C:\Windows\SysWow64\Wat

2010-09-23 17:01:04 -------- d-----w- C:\Windows\System32\Wat

2010-09-23 09:52:58 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2010-09-23 09:52:58 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2010-09-23 09:44:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2010-09-23 09:44:13 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2010-09-23 09:44:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2010-09-23 09:44:13 444752 ----a-w- C:\Windows\System32\mscoree.dll

2010-09-23 09:44:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2010-09-23 09:44:13 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2010-09-23 09:44:13 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2010-09-23 09:44:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2010-09-23 09:44:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2010-09-23 09:44:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2010-09-23 03:08:43 -------- d-----w- C:\Users\Rob\AppData\Roaming\Sisi

2010-09-22 21:29:08 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes

2010-09-22 21:28:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-09-22 21:28:54 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-09-22 21:28:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-09-22 18:56:57 -------- d-----w- C:\Program Files\Common Files\Intuit

2010-09-22 18:48:19 3833856 ----a-w- C:\Windows\SysWow64\cdintf300.dll

2010-09-22 18:46:13 -------- d-----w- C:\Users\Rob\AppData\Local\Intuit

2010-09-22 18:44:37 -------- d-----w- C:\Program Files (x86)\Common Files\supportsoft

2010-09-22 18:44:09 4194304 ----a-w- C:\Windows\SysWow64\cdintf400.dll

2010-09-22 18:42:13 -------- d-----w- C:\Program Files (x86)\Intuit

2010-09-22 18:42:13 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit

2010-09-22 18:35:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2010-09-22 18:27:26 -------- d-----w- C:\Program Files (x86)\Akamai

2010-09-22 18:19:47 72192 ----a-w- C:\Windows\System32\KemXML.dll

2010-09-22 18:19:47 228864 ----a-w- C:\Windows\System32\kemutb.dll

2010-09-22 18:19:47 218112 ----a-w- C:\Windows\System32\KemUtil.dll

2010-09-22 18:19:47 152064 ----a-w- C:\Windows\System32\KemWnd.dll

2010-09-22 18:19:29 -------- d-----w- C:\Program Files\Common Files\Logitech

2010-09-22 17:49:51 90112 ----a-w- C:\Windows\System32\drivers\ser2rs64.sys

2010-09-22 17:49:49 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2010-09-22 17:49:49 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2010-09-22 17:49:49 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2010-09-22 17:49:49 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2010-09-22 17:49:49 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2010-09-22 17:49:49 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2010-09-22 17:49:49 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2010-09-22 17:49:48 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2010-09-22 17:36:49 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2010-09-22 08:11:12 -------- d-----w- C:\Users\Rob\AppData\Roaming\Kuax

2010-09-22 08:05:45 77878 ----a-w- C:\Windows\SysWow64\temp.001

2010-09-22 08:05:45 37136 ----a-w- C:\Windows\SysWow64\temp.000

2010-09-22 08:05:45 295000 ----a-w- C:\Windows\SysWow64\temp.002

2010-09-22 08:05:45 164864 ----a-w- C:\Windows\SysWow64\UNWISE32.EXE

2010-09-22 08:04:54 -------- d-----w- C:\Program Files (x86)\HyperTerminal

2010-09-21 20:16:15 -------- d-----w- C:\Users\Rob\AppData\Roaming\Intuit

2010-09-21 20:12:06 -------- d-----w- C:\Users\Rob\AppData\Local\Mozilla

2010-09-21 20:10:03 -------- dc----w- C:\Users\Rob\AppData\Local\MigWiz

2010-09-21 19:39:52 -------- d-----w- C:\Users\Rob\AppData\Local\Microsoft Help

2010-09-21 17:41:59 53248 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2010-09-21 17:41:59 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2010-09-21 17:41:59 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2010-09-21 17:41:59 41984 ----a-w- C:\Windows\System32\aticalcl64.dll

2010-09-21 17:41:59 3264512 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2010-09-21 17:41:59 251904 ----a-w- C:\Windows\System32\atiadlxx.dll

2010-09-21 17:41:59 184320 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2010-09-21 17:41:59 118784 ----a-w- C:\Windows\System32\atibtmon.exe

2010-09-21 17:41:26 -------- d-----w- C:\Windows\Lan

2010-09-21 17:40:23 431104 ----a-w- C:\Windows\WisMvImg.exe

2010-09-21 17:40:23 159744 ----a-w- C:\Windows\PatchFul.exe

2010-09-21 17:40:22 382976 ----a-w- C:\Windows\WisGAPasx64.exe

2010-09-21 17:40:22 335872 ----a-w- C:\Windows\ParseModule_X64.exe

2010-09-21 17:40:21 322048 ----a-w- C:\Windows\WisGAPas.exe

2010-09-21 17:40:21 225280 ----a-w- C:\Windows\ParseModule_X86.exe

2010-09-21 17:28:51 13048 ----a-w- C:\Windows\System32\avgrssta.dll

2010-09-21 17:28:49 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2010-09-21 17:28:43 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2010-09-21 17:28:42 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2010-09-21 17:28:41 -------- d-----w- C:\Windows\System32\drivers\Avg

2010-09-21 17:25:22 -------- d-----w- C:\Program Files (x86)\AVG

2010-09-21 17:15:51 -------- d-----w- C:\Users\Rob\AppData\Local\Google

2010-09-21 17:15:08 220672 ----a-w- C:\Windows\System32\wintrust.dll

2010-09-21 17:15:08 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2010-09-21 17:15:08 139264 ----a-w- C:\Windows\System32\cabview.dll

2010-09-21 17:15:08 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2010-09-21 17:12:25 -------- d-----w- C:\Program Files\CONEXANT

2010-09-21 17:12:21 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys

2010-09-21 17:12:21 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys

2010-09-21 17:12:21 1485824 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys

2010-09-21 17:12:16 -------- d-----w- C:\Backup

2010-09-21 17:10:25 6982480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{28E9171E-C317-4AD9-BAC7-000395DEB5F2}\mpengine.dll

2010-09-21 16:57:07 -------- d-----w- C:\Users\Rob\AppData\Local\ATI

2010-09-21 16:56:27 -------- d-----w- C:\Users\Rob\AppData\Local\Power2Go

2010-09-21 16:39:26 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2010-09-21 16:39:26 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2010-09-21 16:39:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2010-09-21 16:38:08 -------- d-----w- C:\Program Files (x86)\Microsoft

2010-09-21 16:37:50 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2010-09-21 16:36:59 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3659b0ea1cb59ab\DSETUP.dll

2010-09-21 16:36:59 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3659b0ea1cb59ab\DXSETUP.exe

2010-09-21 16:36:59 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3659b0ea1cb59ab\dsetup32.dll

2010-09-21 16:36:16 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcE06F.tmp

2010-09-21 16:36:05 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2010-09-21 16:35:46 -------- d-----w- C:\Users\Rob\AppData\Local\Packard Bell

2010-09-21 16:35:03 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2010-09-21 16:34:14 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2010-09-21 16:31:30 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2010-09-21 16:31:30 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2010-09-21 16:31:30 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll

2010-09-21 16:31:30 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll

2010-09-21 16:29:13 -------- d-----w- C:\Program Files (x86)\Launch Manager

2010-09-21 16:28:40 -------- d-----w- C:\Program Files (x86)\VideoWebCamera

2010-09-21 16:27:59 -------- d-----w- C:\Program Files\Apoint2K

2010-09-21 16:25:07 34872 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2010-09-21 16:25:06 -------- d-----w- C:\Program Files (x86)\AMD

2010-09-21 16:22:56 -------- d-----w- C:\Program Files\ATI

2010-09-21 16:22:54 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2010-09-21 16:19:12 -------- d-----w- C:\Users\Rob\AppData\Local\VirtualStore

==================== Find3M ====================

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 21:44:20.00 ===============

Attach.zip

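The lines in Robert's DDS log that a helper reads first are the browser proxy setting (`ProxyServer = http=127.0.0.1:5555`), the UAC policy values (`EnableLUA = 0`), the hosts-file entry that points www.spywareinfo.com at 127.0.0.1, and the AppInit DLL. As an added example that is not part of the thread and not a DDS or Malwarebytes tool, the Python triage script below runs those checks over a constructed subset of the log lines above and labels each hit as "high" (a setting that directly explains hijacked browsing or removes a safeguard) or "review" (worth confirming against the user's installed software). The security-site keyword list and the two file heuristics (an executable sitting directly in ProgramData, a short random-looking folder under AppData\Roaming) are my assumptions, not DDS rules.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed subset of the DDS output posted in this thread (not a full log).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com
2010-10-17 14:02:33 74760 ----a-w- C:\PROGRA~3\V6883NMx.exe
2010-09-23 03:08:43 -------- d-----w- C:\Users\Rob\AppData\Roaming\Sisi
"""


@dataclass
class Finding:
    severity: str  # "high" or "review"
    line: str
    reason: str


# DDS prints the proxy as "http=HOST:PORT"; flag only loopback proxies.
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost)(?::(\d+))?", re.I)
POLICY = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
APPINIT = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.+)$")
# Assumed heuristics (not DDS rules): an .exe directly in ProgramData, and a
# 3-5 letter folder directly under a user's AppData\Roaming.
PROGDATA_EXE = re.compile(r"C:\\PROGRA~3\\[^\\]+\.exe$", re.I)
ROAMING_DIR = re.compile(
    r"d-----w-\s+C:\\Users\\[^\\]+\\AppData\\Roaming\\([A-Za-z]{3,5})$")

# Assumed keyword list: domains a hosts-file hijack commonly blocks.
SECURITY_KEYWORDS = ("spywareinfo", "malwarebytes", "bleepingcomputer",
                     "microsoft", "avg", "symantec", "kaspersky")


def triage(log_text: str) -> list[Finding]:
    """Scan DDS-style lines and return the indicators a helper should act on."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := LOCAL_PROXY.search(line):
            port = m.group(2) or "?"
            findings.append(Finding("high", line,
                f"browser traffic is routed through a local proxy on port {port}; "
                "a process on this machine can read and rewrite every page "
                "(consistent with injected ads)"))
        elif m := POLICY.match(line):
            name, value = m.group(1), int(m.group(2))
            if name == "EnableLUA" and value == 0:
                findings.append(Finding("high", line,
                    "UAC is disabled (EnableLUA=0); anything the user runs gets full admin rights"))
            elif name in ("ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop") and value == 0:
                findings.append(Finding("review", line,
                    f"{name}=0 removes an elevation safeguard; confirm the user set it deliberately"))
        elif m := HOSTS.match(line):
            target, host = m.group(1), m.group(2).lower()
            if any(k in host for k in SECURITY_KEYWORDS):
                findings.append(Finding("high", line,
                    f"hosts file sends security site {host} to {target}, blocking updates or help pages"))
            else:
                findings.append(Finding("review", line,
                    f"non-default hosts entry {host} -> {target}"))
        elif m := APPINIT.match(line):
            findings.append(Finding("review", line,
                f"AppInit DLL {m.group(1)} is loaded into every user-mode process; verify its publisher"))
        elif PROGDATA_EXE.search(line):
            findings.append(Finding("review", line,
                "executable placed directly in ProgramData; installers normally use a vendor folder"))
        elif m := ROAMING_DIR.search(line):
            findings.append(Finding("review", line,
                f"short random-looking folder '{m.group(1)}' under AppData\\Roaming"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'review': 5}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity.upper():6}] {f.line}\n         {f.reason}")
    print(summarize(results))
```

On the sample above the script reports three "high" findings (the loopback proxy, EnableLUA=0, the spywareinfo hosts entry) and five "review" items. Note that the AppInit entry only rates "review": the thread's own "Created Last 30" section shows avgrssta.dll written at the same time as the AVG drivers, so it is most likely AVG's, which is exactly why that check asks for publisher verification rather than declaring it malicious.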

Sorry, I forgot to attach the MBAM log file. Here it is.

Thanks,

Robert

MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4886

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/19/2010 3:28:26 PM

mbam-log-2010-10-19 (15-28-26).txt

Scan type: Quick scan

Objects scanned: 177488

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


This topic is now closed to further replies.