Jump to content

Icons merging on desktop ? Internet slowing. Virus ?


Recommended Posts

20ft8qd.jpg

A few days ago I noticed that my Mozilla Firefox and Frostwire icons had seemingly merged with my Recycle Bin icon on my desktop. I have no idea why or how. I tried to drag them apart but it does not work. Firefox and Frostwire are not in my Recycle Bin, either. I never use Frostwire (or at least have not in quite a while) so I don't think I downloaded anything harmful from that.

Ever since the icons merged, my internet has become very slow and says "connecting.." for way too long before loading a website. I also noticed when opening up my computer after logging off for a while there will be random folders from my desktop opened that I did NOT open myself. I did a scan with Malware Bytes and with Spybot and both turned up negative for any threats.

Anyone have any idea what could be wrong or what I should do about it ?

Link to post
Share on other sites

Hi and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Mike at 14:06:39 on 2011-06-22

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.254 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Launch Manager\dsiwmis.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Users\Mike\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\AVG\AVG10\avgsrmax.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50410d145l0434wwj5w44m2r285

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50410d145l0434wwj5w44m2r285

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50410d145l0434wwj5w44m2r285

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\virtua~1.lnk - c:\users\mike\appdata\local\sony corporation\virtualexpander\VirtualExpander.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{073907CE-BB34-4097-A72C-512D96A04666} : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{073907CE-BB34-4097-A72C-512D96A04666}\2456C6B696E6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{073907CE-BB34-4097-A72C-512D96A04666}\2456C6B696E6E253346453 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{073907CE-BB34-4097-A72C-512D96A04666}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\p5wajbfs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9f7f21&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-1-8 107016]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-8 727584]

R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-1-8 253952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-15 1153368]

R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-1-8 240160]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-1-8 54784]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-1-8 103296]

S3 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]

S4 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

.

=============== Created Last 30 ================

.

2011-06-22 17:34:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-22 17:34:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-21 03:09:33 -------- d-----w- c:\users\mike\appdata\local\NPE

2011-06-21 03:09:32 -------- d-----w- c:\programdata\Norton

2011-06-17 11:58:29 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-06-16 21:56:12 -------- d--h--w- C:\$AVG

2011-06-14 18:58:16 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-14 18:58:16 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-14 18:58:15 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-14 18:58:10 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-14 18:58:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-13 14:55:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-05 22:32:06 -------- d-----w- c:\program files\HP

2011-06-05 22:31:11 -------- d-----w- c:\users\mike\appdata\local\HP

2011-05-30 22:51:15 -------- d-----w- c:\users\mike\appdata\local\{39BD8FE5-1E6B-479F-8273-74502516B412}

2011-05-25 15:39:16 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

==================== Find3M ====================

.

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-13 21:37:06 695578 ----a-w- c:\windows\system32\unins000.exe

2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec

2011-04-15 01:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

.

============= FINISH: 14:09:28.14 ===============

Attach.zip

Link to post
Share on other sites

Hi again,

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or ESET.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

ComboFix 11-06-23.01 - Mike 06/25/2011 21:41:32.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.266 [GMT -4:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mike\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))

.

.

2011-06-26 01:57 . 2011-06-26 01:58 -------- d-----w- c:\users\Mike\AppData\Local\temp

2011-06-26 01:57 . 2011-06-26 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-26 01:41 . 2011-06-26 01:41 -------- d-----w- c:\users\Mike\AppData\Local\CrashDumps

2011-06-26 01:32 . 2011-06-26 01:35 -------- d-----w- C:\32788R22FWJFW

2011-06-22 17:34 . 2011-06-22 17:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 17:34 . 2011-06-22 17:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-21 03:09 . 2011-06-21 03:25 -------- d-----w- c:\users\Mike\AppData\Local\NPE

2011-06-21 03:09 . 2011-06-21 03:09 -------- d-----w- c:\programdata\Norton

2011-06-17 11:58 . 2011-06-17 11:58 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-06-14 18:58 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-14 18:58 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-14 18:58 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-14 18:58 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-14 18:58 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-13 14:55 . 2011-06-20 16:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-05 22:34 . 2011-06-05 22:34 -------- d-----w- c:\programdata\HP

2011-06-05 22:32 . 2011-06-05 22:32 -------- d-----w- c:\program files\HP

2011-06-05 22:31 . 2011-06-05 22:38 -------- d-----w- c:\users\Mike\AppData\Local\HP

2011-05-30 22:51 . 2011-05-30 22:51 -------- d-----w- c:\users\Mike\AppData\Local\{39BD8FE5-1E6B-479F-8273-74502516B412}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-13 21:37 . 2011-05-13 21:37 695578 ----a-w- c:\windows\system32\unins000.exe

2011-04-22 19:36 . 2011-05-25 15:39 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:13 . 2011-05-11 16:09 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 16:09 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 16:21 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-22 17:34 . 2011-03-23 21:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]

@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"

[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]

2010-05-13 00:57 87552 ----a-w- c:\users\Mike\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-15 233472]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

VirtualExpander.lnk - c:\users\Mike\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2010-5-12 736608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]

2009-09-10 13:42 349480 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]

R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]

S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50410d145l0434wwj5w44m2r285

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\p5wajbfs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9f7f21&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2515642223-1792868283-1121711111-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2515642223-1792868283-1121711111-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-25 22:03:58

ComboFix-quarantined-files.txt 2011-06-26 02:03

.

Pre-Run: 93,068,652,544 bytes free

Post-Run: 92,576,866,304 bytes free

.

- - End Of File - - F0E3147BBB4B8F7EE892D65B0A223831

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.