Malwarebytes quarantines hijack.shell and I lose internet



I have a redirect virus infection and both AVG and Malwarebytes show it as shell.exe, with a corresponding entry in the registry. Using either AVG or Malwarebytes to quarantine makes me lose internet. Here is the DDS log:

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by George at 23:51:31.58 on Mon 10/25/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4085.2124 [GMT -4:00]

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\George\AppData\Roaming\Microsoft\Windows\shell.exe

C:\program files (x86)\dell datasafe local backup\sftservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\George\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://headlines.verizon.com/headlines/portals/headlines.portal

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

uWinlogon: Shell=explorer.exe,C:\Users\George\AppData\Roaming\Microsoft\Windows\shell.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler

uRun: [svchost] C:\Users\George\AppData\Roaming\Microsoft\svchost.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\George\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-22 55280]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-22 92160]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-22 689472]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2010-1-2 15896]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-1-2 327576]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-24 517448]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]

=============== Created Last 30 ================

2010-10-24 22:18:16 -------- d-----w- C:\Users\George\AppData\Roaming\AVG10

2010-10-24 22:17:30 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar

2010-10-24 22:16:34 -------- d-----w- C:\Windows\System32\drivers\AVG

2010-10-24 17:55:03 -------- d-----w- C:\Users\George\AppData\Roaming\Malwarebytes

2010-10-24 17:54:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-10-24 17:54:55 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-10-24 17:54:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-10-24 17:54:55 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-10-24 17:12:09 6231376 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2010-10-24 17:12:05 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B9A3A1D9-9474-46F8-9EB5-11CABF0425E1}\mpengine.dll

2010-10-24 16:37:22 -------- d--h--w- C:\PROGRA~3\Common Files

2010-10-24 16:36:05 -------- d-----w- C:\PROGRA~3\AVG10

2010-10-24 16:02:21 -------- d-----w- C:\PROGRA~3\MFAData

2010-10-24 15:25:17 -------- d-----w- C:\Windows\en

2010-10-24 15:18:06 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a6d9d0e91cb738e1e\InstallManager_WLE_WLE.exe

2010-10-24 15:17:39 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\985d30fe1cb738e1a\DSETUP.dll

2010-10-24 15:17:39 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\985d30fe1cb738e1a\DXSETUP.exe

2010-10-24 15:17:39 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\985d30fe1cb738e1a\dsetup32.dll

2010-10-24 15:17:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\950990f71cb738e19\DSETUP.dll

2010-10-24 15:17:37 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\950990f71cb738e19\DXSETUP.exe

2010-10-24 15:17:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\950990f71cb738e19\dsetup32.dll

2010-10-24 15:16:19 -------- d-----w- C:\Users\George\AppData\Local\Windows Live

2010-10-24 15:15:14 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-24 15:15:13 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-24 15:15:13 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-24 15:15:13 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-24 15:15:13 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-24 15:15:12 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-24 15:15:11 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-24 04:21:59 -------- d-----w- C:\PROGRA~3\SITEguard

2010-10-24 04:21:05 -------- d-----w- C:\Program Files (x86)\Common Files\iS3

2010-10-24 04:21:05 -------- d-----w- C:\PROGRA~3\STOPzilla!

2010-10-14 20:24:21 -------- d-----w- C:\86bc453348d8a6ba6d1bdb95dbbba7

2010-10-14 17:28:56 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2010-10-14 17:28:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2010-10-14 17:28:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-10-14 17:28:55 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-10-14 17:28:53 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-10-14 17:28:53 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-10-14 17:28:53 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-10-14 17:28:53 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-10-14 17:28:53 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-10-14 17:28:52 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-09-30 01:18:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 09:15:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 09:15:59 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 09:15:57 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 09:15:57 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-13 20:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-07 07:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2010-09-07 07:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2010-09-07 07:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2010-09-07 07:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-20 01:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys

2010-08-20 01:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 23:52:05.14 ===============

Attach__2_.zip

ark.zip


Hello thepoet45h

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
