
Can't Connect to Internet After Removing Smart Engine



In the meantime, here is my DDS result...

DDS (Ver_10-11-01.01) - NTFS_AMD64

Run by Cindy at 17:19:51.22 on Mon 11/01/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2268 [GMT -7:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k NetworkService

c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\MSN\Toolbar\4.0.0412.0\mstbsvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

C:\Windows\system32\DllHost.exe

C:\Windows\TEMP\InstallManager_Sun_Sun.exe

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Cindy\Desktop\OTL.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Cindy\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc519.mail.yahoo.com/mc/welcome?.gx=1&.tm=1285175964&.rand=d6jq1rlgm773d

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyServer = http=127.0.0.1:25416

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\Users\Cindy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

mRun-x64: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-10 55280]

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-22 269904]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-22 35536]

R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-22 317520]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-11 203264]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-15 122880]

R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]

R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-22 921952]

R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-22 308136]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 mstbsvc;MSN Toolbar Setup;C:\Program Files (x86)\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-10 689472]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-11 6853632]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-11 263680]

R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-9-10 47672]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-11 321064]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-9-11 226616]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]

=============== Created Last 30 ================

2010-11-01 22:40:41 -------- d-----w- C:\Users\Cindy\AppData\Roaming\Malwarebytes

2010-11-01 22:40:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-01 22:40:34 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-01 22:40:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-01 22:40:34 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-11-01 22:35:26 -------- d-----w- C:\Users\Cindy\AppData\Local\Diagnostics

2010-11-01 22:13:37 -------- d-----w- C:\Users\Cindy\AppData\Roaming\SUPERAntiSpyware.com

2010-11-01 22:13:37 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2010-11-01 22:13:32 -------- d-----w- C:\PROGRA~3\!SASCORE

2010-11-01 22:13:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2010-11-01 22:01:01 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7810BB1A-0531-4EBB-88F6-848A22AA9707}\mpengine.dll

2010-11-01 22:01:00 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-11-01 21:38:47 -------- d-sh--w- C:\Users\Cindy\AppData\Roaming\Smart Engine

2010-11-01 21:38:47 -------- d-sh--w- C:\PROGRA~3\SMLKUME

2010-11-01 21:38:30 -------- d-sh--w- C:\PROGRA~3\03b15e

2010-10-27 18:47:44 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\70b518741cb760722\MeshBetaRemover.exe

2010-10-27 18:47:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\650e7c3f1cb76071a\DSETUP.dll

2010-10-27 18:47:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\650e7c3f1cb76071a\DXSETUP.exe

2010-10-27 18:47:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\650e7c3f1cb76071a\dsetup32.dll

2010-10-27 18:47:23 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\63db6abc1cb760719\DSETUP.dll

2010-10-27 18:47:23 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\63db6abc1cb760719\DXSETUP.exe

2010-10-27 18:47:23 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\63db6abc1cb760719\dsetup32.dll

2010-10-27 18:46:30 -------- d-----w- C:\Users\Cindy\AppData\Local\Windows Live

2010-10-27 18:45:55 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-27 18:45:55 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-27 18:45:54 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-27 18:45:54 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-27 18:45:54 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-27 18:45:54 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-27 18:45:54 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-26 17:18:31 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2010-10-26 17:18:29 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-10-26 17:18:29 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-10-26 17:18:29 552960 ----a-w- C:\Windows\System32\msdri.dll

2010-10-26 17:18:29 288256 ----a-w- C:\Windows\System32\MSNP.ax

2010-10-26 17:18:29 258560 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-10-26 17:18:29 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2010-10-26 17:18:29 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-10-14 10:00:51 -------- d-----w- C:\499caf32b0ff258db99a

2010-10-14 05:08:13 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-10-14 05:08:13 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-10-14 05:08:12 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-14 05:08:12 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-10-14 05:08:12 2085376 ----a-w- C:\Windows\System32\ole32.dll

2010-10-14 05:08:12 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2010-10-14 05:08:05 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-10-14 05:08:05 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-10-14 05:08:04 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-10-14 05:08:04 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-10-14 05:08:04 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-10-14 05:08:04 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-10-14 05:04:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-10-14 05:04:48 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-10-14 05:04:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-10-14 05:04:48 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-10-14 05:04:48 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-10-14 05:04:47 3123712 ----a-w- C:\Windows\System32\win32k.sys

==================== Find3M ====================

2010-09-22 17:31:11 13048 ----a-w- C:\Windows\System32\avgrssta.dll

2010-09-22 17:31:10 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2010-09-22 17:31:06 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2010-09-22 17:31:06 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2010-09-22 02:48:44 1228400 ----a-w- C:\Users\Cindy\Photoshop_12_LS1.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-11 07:38:00 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2010-09-11 07:38:00 41472 ----a-w- C:\Windows\System32\drivers\winusb.sys

2010-09-11 07:38:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2010-09-11 07:38:00 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2010-09-11 07:38:00 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-11 07:38:00 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2010-09-11 07:38:00 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2010-09-11 06:49:55 0 ----a-w- C:\Windows\ativpsrm.bin

2010-09-11 04:55:05 455680 ----a-w- C:\Windows\System32\deployJava1.dll

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-26 21:47:08 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-11 05:35:44 66040 ----a-w- C:\Windows\System32\drivers\mozy.sys

============= FINISH: 17:20:07.54 ===============

Attach.txt.zip


Here is the MBAM result...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5017

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/1/2010 3:50:42 PM

mbam-log-2010-11-01 (15-50-42).txt

Scan type: Full scan (C:\|I:\|Q:\|)

Objects scanned: 47072

Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\ProgramData\03b15e\SM03b_2211.exe (Heuristics.Shuriken) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart engine (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\ProgramData\03b15e\SM03b_2211.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.


  • Staff

Hi,

Please remove this file from quarantine and upload it for analysis. Post the results here:

C:\ProgramData\03b15e\SM03b_2211.exe

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.
