malware not detected?


ssyoda

Can someone please help me read these logs? I have already done a system recovery, and the anti-virus has detected nothing. And neither does the gmer tool. But the problem is still on my cpu. Thank you for your time...

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by ssyoda at 21:47:03.08 on Tue 01/18/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4086.2124 [GMT -5:00]

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\ssyoda\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Users\ssyoda\Downloads\0nkwjfon.exe

C:\Users\ssyoda\Downloads\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll

LSA: Notification Packages = scecli DPPWDFLT

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO-X64: DigitalPersona Personal Extension - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

mRun-x64: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\ssyoda\AppData\Roaming\Mozilla\Firefox\Profiles\ao995f2o.default\

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt

FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/01/16 01:17:56];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2011-1-16 146928]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-16 233472]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2011-1-16 5435904]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-01-19 02:05:10 388096 ----a-r- C:\Users\ssyoda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-19 02:05:09 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-01-18 21:34:45 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-01-18 21:34:40 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A9AB3F62-B275-4C01-BA4F-FD10123F1EB1}\mpengine.dll

2011-01-18 05:29:09 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\Malwarebytes

2011-01-18 05:29:03 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-18 05:29:02 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-18 05:28:59 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-18 05:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-17 22:26:50 -------- d-----w- C:\Windows\SysWow64\Wat

2011-01-17 22:26:49 -------- d-----w- C:\Windows\System32\Wat

2011-01-17 22:20:37 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-01-17 22:20:37 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-01-17 22:16:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-01-17 22:15:17 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-01-17 22:15:17 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-01-17 22:15:17 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-01-17 22:15:17 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-01-17 22:15:17 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-01-17 22:15:17 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-01-17 22:15:17 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-01-17 22:15:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-01-17 22:15:17 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-01-17 22:15:17 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-01-17 02:21:19 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\Intuit

2011-01-17 02:21:02 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0

2011-01-17 02:18:58 -------- d-----w- C:\Users\ssyoda\AppData\Local\IsolatedStorage

2011-01-17 02:18:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit

2011-01-17 02:16:23 -------- d-----w- C:\Program Files (x86)\TurboTax

2011-01-17 02:16:14 -------- d-----w- C:\PROGRA~3\Intuit

2011-01-16 19:44:59 3124224 ----a-w- C:\Windows\System32\win32k.sys

2011-01-16 19:42:45 -------- d-----w- C:\Users\ssyoda\AppData\Local\Adobe

2011-01-16 09:37:16 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcE14.tmp

2011-01-16 09:34:13 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis

2011-01-16 09:34:12 -------- d-----w- C:\Program Files (x86)\Common Files\Corel

2011-01-16 09:34:12 -------- d-----w- C:\PROGRA~3\Corel

2011-01-16 09:28:28 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems

2011-01-16 09:28:18 -------- d-----w- C:\Program Files (x86)\Corel

2011-01-16 09:26:37 -------- d-----w- C:\Program Files (x86)\Sling Media

2011-01-16 09:12:48 -------- d-----w- C:\PROGRA~3\Recovery

2011-01-16 09:12:34 -------- d-----w- C:\Windows\Hewlett-Packard

2011-01-16 09:11:37 5435904 ----a-w- C:\Windows\System32\drivers\NETw5v64.sys

2011-01-16 09:11:12 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-01-16 09:09:53 487936 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2011-01-16 09:09:53 431616 ----a-w- C:\Windows\System32\stcplx64.dll

2011-01-16 09:09:53 209920 ----a-w- C:\Windows\System32\staco64.dll

2011-01-16 09:09:52 604672 ------w- C:\Windows\System32\stapi64.dll

2011-01-16 09:09:52 1431552 ----a-w- C:\Windows\System32\stapo64.dll

2011-01-16 09:09:40 -------- d-----w- C:\Program Files\IDT

2011-01-16 09:09:21 -------- d-----w- C:\Program Files\Synaptics

2011-01-16 09:08:03 539680 ----a-w- C:\Windows\System32\NVUNINST.EXE

2011-01-16 09:01:01 -------- d-----w- C:\Windows\ehome

2011-01-16 07:46:13 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2011-01-16 07:45:33 -------- d-----w- C:\Program Files (x86)\DivX

2011-01-16 07:44:50 -------- d-----w- C:\PROGRA~3\DivX

2011-01-16 07:20:17 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-16 07:16:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-16 07:16:06 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-01-16 07:15:09 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\HpUpdate

2011-01-16 07:12:57 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-01-16 07:12:57 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-01-16 07:12:56 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-01-16 07:12:56 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-01-16 07:10:57 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\Macrovision

2011-01-16 07:09:59 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\DigitalPersona

2011-01-16 07:09:59 -------- d-----w- C:\Users\ssyoda\AppData\Local\DigitalPersona

2011-01-16 07:09:24 -------- d-----w- C:\Users\ssyoda\AppData\Local\VirtualStore

2011-01-16 07:09:16 -------- d-----w- C:\Users\ssyoda\AppData\Local\Hewlett-Packard_Company

2011-01-16 07:09:14 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\hpqlog

2011-01-16 07:06:26 -------- d-----w- C:\Users\ssyoda\AppData\Roaming\HP TCS

2011-01-16 07:05:01 -------- d-----w- C:\Users\ssyoda\AppData\Local\Hewlett-Packard

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 21:55:01.90 ===============

Attach.zip

forgot to add the mbam logs

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5544

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/18/2011 1:15:32 AM

mbam-log-2011-01-18 (01-15-32).txt

Scan type: Quick scan

Objects scanned: 154329

Time elapsed: 16 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

full scan

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5551

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/18/2011 11:55:43 PM

mbam-log-2011-01-18 (23-55-43).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 318428

Time elapsed: 2 hour(s), 45 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Your logs are clean, except for this random process in your DDS report:

C:\Users\ssyoda\Downloads\0nkwjfon.exe

That could just be the randomly named gmer exe though.

Please describe what your exact problem is when you claim this, and elaborate on all symptoms and explain why you did a system recovery:

Can someone please help me read these logs? I have already done a system recovery, and the anti-virus has detected nothing. And neither does the gmer tool. But the problem is still on my cpu. Thank you for your time...

Please post the Gmer log as it is very difficult for experts to decipher let alone lay people and it is a requested log. Do NOT attach it!! Copy and paste it into your reply!!
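As an added example that is not part of this thread, the short Python script below automates what the reply above did by eye: it parses the "Running Processes" section of a DDS report and flags executables that run from user-writable folders and have machine-generated-looking names. The sample lines are copied from the report posted above; the function names, the `USER_WRITABLE` markers and the name heuristic are my own assumptions, not part of DDS, GMER or Malwarebytes.

```python
"""Triage helper for the "Running Processes" section of a DDS report.

Hypothetical example code for this thread. A "review" verdict is a prompt
to look closer, not a malware verdict: as the reply above notes, GMER's own
randomly named executable trips the same heuristic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines in the DDS format, copied from the report
# posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\ssyoda\Downloads\Defogger.exe

C:\Users\ssyoda\Downloads\0nkwjfon.exe

C:\Users\ssyoda\Downloads\dds.com

============== Pseudo HJT Report ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# A DDS process line is a path ending in an executable extension, optionally
# followed by command-line arguments (e.g. "svchost.exe -k DcomLaunch").
PROC_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|com|scr|bat|cmd))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)
# Assumed markers for locations an ordinary user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\", "\\appdata\\", "\\temp\\")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    path: str
    args: Optional[str]
    verdict: str  # "expected", "note" or "review"
    reason: str


def parse_running_processes(report: str) -> List[Tuple[str, Optional[str]]]:
    """Return (path, args) pairs listed under the 'Running Processes' header."""
    procs = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section:
            m = PROC_RE.match(line)
            if m:
                procs.append((m.group("path"), m.group("args")))
    return procs


def looks_random(stem: str) -> bool:
    """Coarse heuristic: very few vowels, or digits mixed into a consonant run."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 5 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    has_digit = any(c.isdigit() for c in s)
    longest = run = 0
    for c in s:
        if c.isalpha() and c not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return vowel_ratio < 0.2 or (has_digit and longest >= 3)


def triage(report: str) -> List[Finding]:
    """Classify each running process by where it runs from and how it is named."""
    findings = []
    for path, args in parse_running_processes(report):
        low = path.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if any(marker in low for marker in USER_WRITABLE):
            if looks_random(stem):
                findings.append(Finding(path, args, "review",
                                        "randomly named executable in a user-writable location"))
            else:
                findings.append(Finding(path, args, "note",
                                        "running from a user-writable location"))
        else:
            findings.append(Finding(path, args, "expected", "system or Program Files path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.verdict:8} {f.path}  ({f.reason})")
```

Run against the thread's report, only 0nkwjfon.exe gets "review"; Defogger.exe and dds.com get "note" because they run from Downloads but carry readable names.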

Ok, on start up it's taking longer than usual to boot, then once the computer is booted my web browser is really slow, and YouTube videos are slower with crackling audio noise from every video played. Files take longer to open. The issue was way worse before the system recovery was done.

On the gmer scanner I have the following boxes checked: services, registry, files, C:\, ADS. I run the scan until it's done, then a pop-up box tells me it has found nothing, and I click OK. Then I hit save, but there's no log to save in the file. Am I doing something wrong? My computer was very fast before; I have an Intel quad core i7.

Any help is greatly appreciated

Please run Gmer like this, and use the randomly named version from the download link I provide in these directions:

Download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Very Important: Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Please perform a rootkit "Quick" scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • After the automatic "quick" scan is finished (a few seconds), save the scan log to the Windows clipboard.
    • Open Notepad or a similar text editor
    • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
    • Exit the program
    • Save the scan log as ARKQ.txt and post it in your next reply.
  • Re-enable your antivirus and any antimalware programs you disabled before running the scan.

Some background information on what we're planning to do can be found >HERE<

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK
  • For Internet Explorer:
    • Choose to save, not open the file
    • When prompted, save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If you are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform its normal malware removal capabilities. This is for your safety!!

1. To Launch Combofix

Click Start --> Run, and enter (copy/paste)this command exactly as shown (including the quotes):

"%userprofile%\desktop\iexplore.exe" /killall

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

Hey, sorry for not getting back to you, but you're the F-ing Man! I did everything you said...

I still couldn't get the Gmer scan to work but it's ok.

Tdss killer tool ran and found nothing I believe...

The Combo Fix worked Great! The Scan took like an hour, but well worth it. It Deleted this one file

c:\users\Public\videos\HP MediaSmart Demo.exe

can you explain what this was? The computer is running like normal now

Thank you for all your time in helping me... I really appreciate it

TDSSKiller.2.4.14.0_21.01.2011_19.43.08_log.txt

ComboFixLog.txt

That item appears to be a HP promotional video that came pre-installed in the W7 Public Video Folder. This is it here:

From the Combofix log, it looks like that was the only thing removed - let's see:

Please open a run line (click Start ->Type Run into the "Start Search" box)

Under Programs, double-click "Run"

Copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should open in Notepad. Please post the contents in your next reply.

=======

Please perform a scan with the ESET online virus scanner. You can expect some detections in Combofix's quarantine (Qoobox) and system volume information. They will not represent active malware so don't worry:

http://www.eset.com/onlinescan/index.php

NOTE: Do NOT choose the option to automatically uninstall the ESET Online Scanner with all its components because you need to retain the scan log for posting & that option will delete the ESET Scan log!!

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs.
  • Use Internet Explorer to navigate to the scanner website, because you must approve the installation of an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start".
  • Approve the installation of the ActiveX control that's required to enable scanning.
  • Make sure the box "Remove found threats" is CHECKED!!
  • Click "Start".
  • Allow the definition database to install.
  • Click "Scan".

When the scan is done:

  • Please post the scan report in your next reply. It can be found in this location:
    C:\Program Files\EsetOnlineScanner\log.txt
  • You can remove the ESET Online Scanner using the Windows Control Panel - Add/Remove Programs feature

Note to Windows 7 and Vista users, and anyone with restrictive IE security settings:

Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode).

To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then UNcheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.

2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
