Possible Infection?

Post by superleggera » March 2nd, 2011, 5:54 am

Whenever I open cmd, Windows Task Manager, regedit or Control Panel, an error pops up that says the administrator has disabled running it. I am the only user and administrator of my computer, and they worked fine before. I'm guessing that a program (or virus) must have changed this.

EDIT: Forgot to add that after I restarted my computer, there's an svchost.exe process which consumes 50k of memory; I saw it go up to 92k at one point and I'm confused about this... help?

--

Hijackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:49:42 AM, on 3/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\sliicktalk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5064 bytes

Cheers
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Post by Bob4 » March 3rd, 2011, 7:29 am

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!



  • Save and quit any work you're doing before beginning the fix.
  • Follow the steps I describe in the order I asked, if at all possible.
  • All HijackThis logs I ask for should be done in normal mode (not safe mode).
  • These logs should be done last, after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by email that you have been replied to.
    If I do not hear from you within 3 days of my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


NOTE to Vista and Windows 7 users:
For any tool I ask you to run you will need to right click on it and choose "Run as Administrator".


______________________________
Run HijackThis
(Windows 7 or Vista users please right click and choose "Run as administrator".)
Choose Scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Close that.


DDS
Please download DDS from one of the links below and save it to your desktop:
Link1
Link2
If using Vista or windows 7 right click and choose run as administrator.
For XP just double click it to start.
When it's done 2 logs will open. DDS.txt and Attached.txt
Save them right away. They will not be saved if you don't save them.
Click file /save as and save them some place convenient such as your desktop and
post the contents of both files for me in your next reply.
NOTE: DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.


_________________________
In your next reply I would like to see:

  • The reports (2) from DDS
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Post by superleggera » March 3rd, 2011, 7:42 am

DDS (Ver_10-12-12.02) - NTFSx86
Run by sliicktalk at 3:38:25.07 on Thu 03/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3007.1949 [GMT -8:00]

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sliicktalk\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Google Update] "c:\users\sliicktalk\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-2-27 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-2-27 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-2-27 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-2-27 243024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-2-27 308136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-28 1343400]

=============== Created Last 30 ================

2011-03-02 09:09:30 -------- d-----w- c:\program files\CCleaner
2011-03-02 09:05:09 388096 ----a-r- c:\users\sliick~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-02 09:05:09 -------- d-----w- c:\program files\Trend Micro
2011-03-02 08:15:24 -------- d-----w- c:\users\sliicktalk\Shortcuts
2011-03-02 08:02:00 -------- d-----w- c:\users\sliicktalk\Gadgets
2011-03-02 07:57:24 -------- d-----w- c:\program files\RocketDock
2011-03-02 07:37:53 -------- d-----w- c:\users\sliick~1\appdata\roaming\Trend Micro Inc
2011-03-02 07:30:22 -------- d-----w- c:\users\sliick~1\appdata\roaming\AVG9
2011-03-01 03:57:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-01 03:56:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-01 03:56:06 -------- d-----w- c:\program files\Microsoft
2011-03-01 03:55:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-03-01 03:53:58 74520 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\DSETUP.dll
2011-03-01 03:53:58 484632 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\DXSETUP.exe
2011-03-01 03:53:58 1670936 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\dsetup32.dll
2011-03-01 03:44:25 -------- d-----w- c:\users\sliick~1\appdata\local\{260FD795-6B29-4F84-A838-416149EF6EE3}
2011-03-01 03:42:46 -------- d-----w- c:\users\sliicktalk\Tracing
2011-02-28 20:44:00 -------- d-----w- c:\windows\nvtmpinst
2011-02-28 20:39:01 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-02-28 20:39:01 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-02-28 20:38:52 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-28 20:34:55 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 20:34:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 20:34:55 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:28:55 -------- d-----w- c:\windows\system32\Wat
2011-02-28 15:09:11 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-28 15:07:26 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-28 15:07:26 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-28 15:07:26 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-28 15:07:26 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-28 15:07:26 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-28 14:54:06 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-28 14:54:06 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-28 09:42:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-28 09:31:59 507568 ----a-w- c:\windows\system32\winload.exe
2011-02-28 09:30:59 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-28 09:29:41 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-02-28 09:22:06 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-28 09:22:06 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-28 09:22:06 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-28 08:54:40 -------- d-----w- c:\users\sliick~1\appdata\local\NeoSmart_Technologies
2011-02-28 08:54:03 -------- d-----w- c:\program files\NeoSmart Technologies
2011-02-28 08:41:49 -------- d-----w- c:\progra~3\NexonUS
2011-02-28 08:41:49 -------- d-----w- C:\Nexon
2011-02-28 07:57:14 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-02-28 07:57:10 132608 ----a-w- c:\windows\system32\cabview.dll
2011-02-28 07:45:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-02-28 07:45:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-02-28 07:45:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-02-28 07:44:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-02-28 07:44:38 -------- d-----w- c:\windows\system32\drivers\Avg
2011-02-28 07:44:28 -------- d-----w- c:\program files\AVG
2011-02-28 07:44:25 -------- d-----w- c:\progra~3\avg9
2011-02-28 07:43:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-02-28 07:43:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-02-28 07:43:11 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-02-28 07:41:23 -------- d-----w- c:\users\sliick~1\appdata\local\Windows Live
2011-02-28 07:41:22 -------- d-----w- c:\program files\common files\Windows Live
2011-02-28 07:35:23 -------- d-----w- c:\progra~3\IObit
2011-02-28 07:35:22 -------- d-----w- c:\program files\IObit
2011-02-28 07:33:57 -------- d-----w- c:\users\sliick~1\appdata\local\PMB Files
2011-02-28 07:33:55 -------- d-----w- c:\progra~3\PMB Files
2011-02-28 07:33:34 -------- d-----w- c:\program files\Pando Networks
2011-02-28 07:14:58 -------- d-----w- c:\users\sliick~1\appdata\local\Apple Computer
2011-02-28 07:14:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-28 07:14:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-28 07:14:22 -------- d-----w- c:\program files\iPod
2011-02-28 07:14:21 -------- d-----w- c:\program files\iTunes
2011-02-28 07:14:21 -------- d-----w- c:\progra~3\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-28 07:09:48 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-02-28 05:42:47 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-28 05:42:47 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-28 05:41:57 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 05:40:42 -------- d-----w- c:\users\sliick~1\appdata\local\Microsoft Help
2011-02-28 05:36:59 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-28 05:36:54 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-28 05:36:54 21320 ----a-w- c:\windows\system32\authuitu.dll
2011-02-28 05:36:41 -------- d-----w- c:\users\sliick~1\appdata\roaming\TuneUp Software
2011-02-28 05:36:34 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-02-28 05:36:34 -------- d-----w- c:\progra~3\TuneUp Software
2011-02-28 05:28:48 -------- d-----w- c:\program files\Realtek
2011-02-28 05:28:46 -------- d--h--w- c:\program files\Temp
2011-02-28 05:28:45 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-02-28 05:28:44 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-02-28 05:28:43 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-02-28 05:28:43 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-02-28 05:28:43 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-02-28 05:28:42 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-02-28 05:28:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-02-28 05:28:41 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-02-28 05:28:41 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-02-28 05:05:47 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-02-28 05:05:45 -------- d-----w- c:\program files\Broadcom
2011-02-28 05:04:27 397312 ----a-w- c:\windows\system32\athihvs.dll
2011-02-28 05:04:27 1263104 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-28 05:04:27 -------- d-----w- c:\windows\system32\nn-NO
2011-02-28 05:04:17 -------- d-----w- c:\program files\Cisco
2011-02-28 05:04:17 -------- d-----w- c:\program files\Atheros
2011-02-28 04:32:17 5943120 ----a-w- c:\progra~3\microsoft\windows defender\definition updates\{052dbd4d-68ef-4c2a-b8ec-d27f162aad14}\mpengine.dll
2011-02-28 04:32:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-28 04:15:31 -------- d-----w- c:\users\sliick~1\appdata\local\Google
2011-02-28 04:15:21 -------- d-----w- c:\users\sliick~1\appdata\local\Deployment
2011-02-28 04:15:21 -------- d-----w- c:\users\sliick~1\appdata\local\Apps
2011-02-28 04:12:36 -------- d-----w- c:\users\sliick~1\appdata\local\ElevatedDiagnostics
2011-02-28 04:11:03 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-02-28 04:11:03 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-02-28 04:11:03 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-02-28 04:11:03 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-02-28 04:11:02 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-02-28 04:11:02 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-02-28 03:53:11 -------- d-----w- c:\users\sliick~1\appdata\roaming\hpqLog
2011-02-28 03:52:29 -------- d-----w- c:\program files\CONEXANT
2011-02-28 03:50:34 61440 ----a-w- c:\windows\system32\athihvui.dll
2011-02-28 03:49:25 -------- d-sh--w- c:\windows\Installer
2011-02-28 03:49:01 -------- d-----w- c:\progra~3\Atheros
2011-02-28 03:44:47 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-28 03:44:47 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-28 03:44:47 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-02-28 03:44:47 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-28 03:38:43 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-02-28 03:38:40 356352 ----a-w- c:\windows\system32\nvusmu.exe
2011-02-28 03:38:38 356352 ----a-w- c:\windows\system32\nvusmb.exe
2011-02-28 03:38:28 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-02-28 03:31:46 -------- d-----w- c:\windows\system32\wbem\Performance
2011-02-28 03:13:11 -------- d-----w- c:\windows\Panther
2011-02-28 03:04:32 -------- d-----w- C:\Windows.old.000

==================== Find3M ====================

2011-01-07 23:56:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-15 07:14:06 504672 ----a-w- c:\windows\system32\ipcoin801.dll

============= FINISH: 3:39:22.88 ===============
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am
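The uPolicies-/mPolicies- lines in the DDS report above are the part of that log that explains the original symptom: they are registry policy values under HKCU and HKLM ...\Policies\Explorer and ...\Policies\System, and the ones shown here have UAC switched off (EnableLUA = 0, no consent prompt, no secure desktop) and Folder Options hidden. The following script is an added example for this thread, not part of DDS, HijackThis or any of the posts; it parses lines in that format, compares each known value with its Windows 7 default, and prints the reg.exe commands that would put the defaults back. The default values and the DisableTaskMgr/DisableRegistryTools/NoControlPanel names (the values behind the "disabled by your administrator" message, which this log does not list) come from the Windows documentation rather than from the page; the sample lines are copied from the DDS output above.

```python
"""Audit the policy values that DDS prints in its "Pseudo HJT Report".

Added example for this thread; it is not part of DDS, HijackThis or the
original posts. It reads uPolicies-*/mPolicies-* lines of the form
"mPolicies-system: EnableLUA = 0 (0x0)", compares each named value with
the Windows 7 default, and emits reg.exe commands to restore the default.
SAMPLE_LINES below are copied from the DDS log in this thread.
"""
import re
from typing import Iterable, List, NamedTuple

# DDS line format: <u|m>Policies-<area>: <ValueName> = <decimal> (<hex>)
# "u" is HKCU (the posting user), "m" is HKLM (the whole machine).
POLICY_RE = re.compile(
    r"^(?P<hive>[um])Policies-(?P<area>[A-Za-z]+):\s*"
    r"(?P<name>[A-Za-z0-9_]+)\s*=\s*(?P<value>-?\d+)"
)

HIVE_ROOT = {
    "u": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies",
    "m": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",
}

# (hive, area, value name) -> Windows 7 default (assumed from Windows
# documentation, not from the thread). Values DDS prints that are not listed
# here are ignored. UAC values are only honoured from HKLM; the HKCU
# restriction values are what produce the "disabled by your administrator"
# error on Task Manager, regedit and Control Panel.
EXPECTED = {
    ("m", "system", "EnableLUA"): 1,                  # UAC on
    ("m", "system", "ConsentPromptBehaviorAdmin"): 5,  # prompt for non-Windows binaries
    ("m", "system", "PromptOnSecureDesktop"): 1,       # dim the screen on a prompt
    ("u", "system", "DisableTaskMgr"): 0,
    ("u", "system", "DisableRegistryTools"): 0,
    ("u", "explorer", "NoFolderOptions"): 0,
    ("u", "explorer", "NoControlPanel"): 0,
}


class Finding(NamedTuple):
    hive: str
    area: str
    name: str
    value: int
    expected: int

    @property
    def key_path(self) -> str:
        """Registry key the DDS line refers to, e.g. HKLM\\...\\Policies\\System."""
        return HIVE_ROOT[self.hive] + "\\" + self.area.capitalize()


def audit(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per known policy value that differs from its default."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        hive, area, name = m["hive"], m["area"].lower(), m["name"]
        value = int(m["value"])
        expected = EXPECTED.get((hive, area, name))
        if expected is not None and value != expected:
            findings.append(Finding(hive, area, name, value, expected))
    return findings


def remediation_commands(findings: Iterable[Finding]) -> List[str]:
    """reg.exe commands (run from an elevated prompt) that restore each default.

    Resetting a value removes the symptom, not whatever set it, so this belongs
    after the cleanup the helper prescribes. EnableLUA takes effect on reboot.
    """
    return [
        f'reg add "{f.key_path}" /v {f.name} /t REG_DWORD /d {f.expected} /f'
        for f in findings
    ]


# Constructed sample: copied from the DDS output posted in this thread.
SAMPLE_LINES = [
    "uPolicies-explorer: NoFolderOptions = 1 (0x1)",
    "uPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
]

if __name__ == "__main__":
    found = audit(SAMPLE_LINES)
    for f in found:
        print(f"{f.key_path}\\{f.name} = {f.value} (default {f.expected})")
    print()
    print("\n".join(remediation_commands(found)))
```

On the sample above the audit flags four values: NoFolderOptions under HKCU (the same value Malwarebytes later removes as Hijack.FolderOptions), and EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop under HKLM. ConsentPromptBehaviorUser = 3 and EnableUIADesktopToggle = 0 are defaults and are not reported. The HKCU copy of EnableLUA is ignored because Windows does not read it from there.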

Re: Possible Infection?

Post by Bob4 » March 4th, 2011, 10:00 pm

I am going through your logs for you. Lots there to check.
Can you tell me what this machine is used for ?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Post by superleggera » March 7th, 2011, 2:36 am

Just for basic personal use (web browsing) and some gaming here and there
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Post by Bob4 » March 7th, 2011, 8:30 am

_________________________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.



______________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidentally close it you may find it here:
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs



________________________________________
OTL
Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.


_________________________
In your next reply I would like to see:
  • The report from OTL
  • The report from Malwarebytes
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Post by superleggera » March 9th, 2011, 4:12 am

Malwarebytes Anti-Malware
---------------------------


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5995

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/8/2011 11:58:52 PM
mbam-log-2011-03-08 (23-58-52).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 556846
Time elapsed: 3 hour(s), 29 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\sliicktalk\AppData\Local\microsoft\messenger\sliicktalk@hotmail.com\mypornpics.scr (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\windows.old.000\Users\SDFly\downloads\windows 7 remove wat\removewat.2.2.5.hazar.carter67\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Post by superleggera » March 9th, 2011, 4:15 am

OTL Results
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Post by Bob4 » March 9th, 2011, 7:28 pm

In the future, please just copy and paste any logs unless I specifically ask you to attach them.


________________________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath in there.
If there is more than one file to scan, insert them 1 at a time.

C:\Windows\System32\drivers\perkm.sys
C:\Windows\System32\RDVGHelper.exe


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.
If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/



_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download; please follow the prompts and allow it to download and install.]
  • Then uncheck Remove unwanted threats
  • Place a check by Scan archives.

    With Internet Explorer
  • Check the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • When the Computer scan screen appears, leave Remove found threats unchecked, but check the box next to Scan unwanted applications.
  • Under advanced settings check Scan for potentially unwanted applications
  • Under advanced settings check Scan for potentially unsafe applications
  • Enable Anti-stealth technologies.
  • Once the ActiveX has finished loading, click Start to initialize and update the scanner
  • Once complete and the summary page appears, press the Windows Start button, copy/paste the following command into the search box and press Enter:
    C:\Program Files\ESET\ESET Online Scanner\log.txt
  • The log file should now appear in Notepad; copy and paste the contents in your next response.
  • If the log doesn't appear, just navigate to that location to open it and copy and paste it for me.


_________________________
In your next reply I would like to see:

  • The report from Jotti's
  • The report from Nod32 online
  • Please let me know how things seem to be running now
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Unread postby superleggera » March 10th, 2011, 2:34 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=0e4ab4f53ab0844dac96c7e8a965061c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-10 05:48:41
# local_time=2011-03-09 09:48:41 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777213 100 90 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 51262531 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=535602
# found=13
# cleaned=0
# scan_time=18384
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\SDFly\Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\SDFly\Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\SDFly\My Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\SDFly\Xp\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\SDFly\Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\SDFly\Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\SDFly\My Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\SDFly\Xp\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old.000\Documents and Settings\SDFly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-5e6a04d7 probably a variant of Win32/Agent.LMMBFXF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old.000\Users\SDFly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-5e6a04d7 probably a variant of Win32/Agent.LMMBFXF trojan (unable to clean) 00000000000000000000000000000000 I
D:\Back-Up (Music)\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Miscellaneous\AVG\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I

----------------------------------------------------------------------------

C:\Windows\System32\drivers\perkm.sys
File not found on computer

Filename: RDVGHelper.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 10 Mar 2011 01:16:55 (CET) Permalink

superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Unread postby Bob4 » March 10th, 2011, 7:52 am

Want to know where you got very possibly infected?
C:\Windows.old\Documents and Settings\SDFly\My Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706\Keygen\AVG9_Keygen.exe a variant of MSIL/TrojanDropper.Agent.DG trojan (unable to clean) 00000000000000000000000000000000 I

Kind of ironic that something you got to help you got you infected.

At this point I have to ask you to remove AVG from this machine to continue helping you, per this forum's rules on this matter.

Use of "cracked" programmes
The use of "cracked" files is theft, clear and simple.

This forum does not support the use of stolen software, nor will it "aid and abet" in its use. If your helper detects the presence of cracked software on your computer, you will be asked to remove it at once.


There are good free alternatives for anti virus programs. I suggest you install one of these.

AVIRA
or
AVAST FREE

Once that's done, please send me a fresh DDS log.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Unread postby superleggera » March 10th, 2011, 8:45 pm

DDS (Ver_10-12-12.02) - NTFSx86
Run by sliicktalk at 13:05:46.69 on Fri 03/11/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3007.1938 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\sliicktalk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Users\sliicktalk\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\sliicktalk\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... gBTAFUANgA"&"inst=NwA2AC0ANwAzADUAMgA3ADIANwAwADEALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=92"&"ver=9.0.872
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-11 301528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-11 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-11 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-11 42184]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-6 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-28 1343400]

=============== Created Last 30 ================

2011-03-11 21:03:04 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-11 21:03:01 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-11 21:01:35 40648 ----a-w- c:\windows\avastSS.scr
2011-03-11 21:01:31 -------- d-----w- c:\program files\AVAST Software
2011-03-11 21:01:31 -------- d-----w- c:\progra~3\AVAST Software
2011-03-11 08:17:04 -------- d-----w- c:\users\sliick~1\appdata\local\Adobe
2011-03-10 11:00:55 -------- d-----w- C:\9c266599ea92b7a5ad1aee856a
2011-03-10 00:36:31 -------- d-----w- c:\program files\ESET
2011-03-09 22:52:59 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 22:52:59 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 22:52:58 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 22:52:58 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 22:52:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:52:57 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:52:57 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 04:23:38 -------- d-----w- c:\users\sliick~1\appdata\roaming\Malwarebytes
2011-03-09 04:22:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-09 04:22:05 -------- d-----w- c:\progra~3\Malwarebytes
2011-03-09 04:22:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 04:22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 18:09:35 469256 ----a-w- c:\program files\common files\windows live\.cache\a5484d601cbdc2929\InstallManager_WLE_WLE.exe
2011-03-06 18:09:10 15712 ----a-w- c:\program files\common files\windows live\.cache\976576501cbdc291f\MeshBetaRemover.exe
2011-03-06 18:08:47 94040 ----a-w- c:\program files\common files\windows live\.cache\892da1701cbdc2917\DSETUP.dll
2011-03-06 18:08:47 525656 ----a-w- c:\program files\common files\windows live\.cache\892da1701cbdc2917\DXSETUP.exe
2011-03-06 18:08:47 1691480 ----a-w- c:\program files\common files\windows live\.cache\892da1701cbdc2917\dsetup32.dll
2011-03-06 18:08:43 94040 ----a-w- c:\program files\common files\windows live\.cache\866077b01cbdc2916\DSETUP.dll
2011-03-06 18:08:43 525656 ----a-w- c:\program files\common files\windows live\.cache\866077b01cbdc2916\DXSETUP.exe
2011-03-06 18:08:43 1691480 ----a-w- c:\program files\common files\windows live\.cache\866077b01cbdc2916\dsetup32.dll
2011-03-06 17:57:59 -------- d-----w- c:\windows\system32\SPReview
2011-03-06 17:56:20 -------- d-----w- c:\windows\system32\EventProviders
2011-03-06 17:52:59 653312 ----a-w- c:\windows\system32\rpcrt4.dll
2011-03-06 17:51:59 516096 ----a-w- c:\windows\system32\main.cpl
2011-03-06 17:50:50 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-06 17:50:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-06 17:50:49 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-06 17:50:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-06 17:50:39 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-06 17:50:30 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-06 17:50:30 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-06 17:49:41 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-06 17:49:40 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-02 09:09:30 -------- d-----w- c:\program files\CCleaner
2011-03-02 09:05:09 388096 ----a-r- c:\users\sliick~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-02 09:05:09 -------- d-----w- c:\program files\Trend Micro
2011-03-02 08:15:24 -------- d-----w- c:\users\sliicktalk\Shortcuts
2011-03-02 08:02:00 -------- d-----w- c:\users\sliicktalk\Gadgets
2011-03-02 07:57:24 -------- d-----w- c:\program files\RocketDock
2011-03-02 07:37:53 -------- d-----w- c:\users\sliick~1\appdata\roaming\Trend Micro Inc
2011-03-01 03:57:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-01 03:56:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-01 03:56:06 -------- d-----w- c:\program files\Microsoft
2011-03-01 03:55:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-03-01 03:53:58 74520 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\DSETUP.dll
2011-03-01 03:53:58 484632 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\DXSETUP.exe
2011-03-01 03:53:58 1670936 ----a-w- c:\program files\common files\windows live\.cache\4b35ccd01cbd7c4\dsetup32.dll
2011-03-01 03:44:25 -------- d-----w- c:\users\sliick~1\appdata\local\{260FD795-6B29-4F84-A838-416149EF6EE3}
2011-03-01 03:42:46 -------- d-----w- c:\users\sliicktalk\Tracing
2011-02-28 20:44:00 -------- d-----w- c:\windows\nvtmpinst
2011-02-28 20:34:55 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 20:34:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 20:34:55 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:28:55 -------- d-----w- c:\windows\system32\Wat
2011-02-28 09:42:47 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-02-28 09:42:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-28 09:32:23 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-02-28 09:32:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-28 09:31:47 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 09:31:47 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 09:30:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-28 09:30:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-28 09:30:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-28 09:30:55 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-28 09:30:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 09:29:17 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-28 08:54:40 -------- d-----w- c:\users\sliick~1\appdata\local\NeoSmart_Technologies
2011-02-28 08:54:03 -------- d-----w- c:\program files\NeoSmart Technologies
2011-02-28 08:41:49 -------- d-----w- c:\progra~3\NexonUS
2011-02-28 08:41:49 -------- d-----w- C:\Nexon
2011-02-28 07:44:28 -------- d-----w- c:\program files\AVG
2011-02-28 07:41:23 -------- d-----w- c:\users\sliick~1\appdata\local\Windows Live
2011-02-28 07:41:22 -------- d-----w- c:\program files\common files\Windows Live
2011-02-28 07:35:23 -------- d-----w- c:\progra~3\IObit
2011-02-28 07:35:22 -------- d-----w- c:\program files\IObit
2011-02-28 07:33:57 -------- d-----w- c:\users\sliick~1\appdata\local\PMB Files
2011-02-28 07:33:55 -------- d-----w- c:\progra~3\PMB Files
2011-02-28 07:33:34 -------- d-----w- c:\program files\Pando Networks
2011-02-28 07:14:58 -------- d-----w- c:\users\sliick~1\appdata\local\Apple Computer
2011-02-28 07:14:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-28 07:14:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-28 07:14:22 -------- d-----w- c:\program files\iPod
2011-02-28 07:14:21 -------- d-----w- c:\program files\iTunes
2011-02-28 07:14:21 -------- d-----w- c:\progra~3\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-28 07:09:48 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-02-28 05:42:47 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-28 05:42:47 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-28 05:41:57 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 05:40:42 -------- d-----w- c:\users\sliick~1\appdata\local\Microsoft Help
2011-02-28 05:36:59 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-28 05:36:54 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-28 05:36:54 21320 ----a-w- c:\windows\system32\authuitu.dll
2011-02-28 05:36:41 -------- d-----w- c:\users\sliick~1\appdata\roaming\TuneUp Software
2011-02-28 05:36:34 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-02-28 05:36:34 -------- d-----w- c:\progra~3\TuneUp Software
2011-02-28 05:28:48 -------- d-----w- c:\program files\Realtek
2011-02-28 05:28:46 -------- d--h--w- c:\program files\Temp
2011-02-28 05:28:45 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-02-28 05:28:44 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-02-28 05:28:43 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-02-28 05:28:43 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-02-28 05:28:43 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-02-28 05:28:42 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-02-28 05:28:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-02-28 05:28:41 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-02-28 05:28:41 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-02-28 05:05:47 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-02-28 05:05:45 -------- d-----w- c:\program files\Broadcom
2011-02-28 05:04:27 397312 ----a-w- c:\windows\system32\athihvs.dll
2011-02-28 05:04:27 1263104 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-28 05:04:27 -------- d-----w- c:\windows\system32\nn-NO
2011-02-28 05:04:17 -------- d-----w- c:\program files\Cisco
2011-02-28 05:04:17 -------- d-----w- c:\program files\Atheros
2011-02-28 04:32:17 5943120 ----a-w- c:\progra~3\microsoft\windows defender\definition updates\{052dbd4d-68ef-4c2a-b8ec-d27f162aad14}\mpengine.dll
2011-02-28 04:32:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-28 04:15:31 -------- d-----w- c:\users\sliick~1\appdata\local\Google
2011-02-28 04:15:21 -------- d-----w- c:\users\sliick~1\appdata\local\Deployment
2011-02-28 04:15:21 -------- d-----w- c:\users\sliick~1\appdata\local\Apps
2011-02-28 04:12:36 -------- d-----w- c:\users\sliick~1\appdata\local\ElevatedDiagnostics
2011-02-28 04:11:03 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-02-28 04:11:03 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-02-28 04:11:03 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-02-28 04:11:03 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-02-28 04:11:02 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-02-28 04:11:02 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-02-28 03:53:11 -------- d-----w- c:\users\sliick~1\appdata\roaming\hpqLog
2011-02-28 03:52:29 -------- d-----w- c:\program files\CONEXANT
2011-02-28 03:50:34 61440 ----a-w- c:\windows\system32\athihvui.dll
2011-02-28 03:49:25 -------- d-sh--w- c:\windows\Installer
2011-02-28 03:49:01 -------- d-----w- c:\progra~3\Atheros
2011-02-28 03:44:47 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-28 03:44:47 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-28 03:44:47 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-02-28 03:44:47 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-28 03:38:43 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-02-28 03:38:40 356352 ----a-w- c:\windows\system32\nvusmu.exe
2011-02-28 03:38:38 356352 ----a-w- c:\windows\system32\nvusmb.exe
2011-02-28 03:38:28 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-02-28 03:31:46 -------- d-----w- c:\windows\system32\wbem\Performance
2011-02-28 03:13:11 -------- d-----w- c:\windows\Panther
2011-02-28 03:04:32 -------- d-----w- C:\Windows.old.000

==================== Find3M ====================

2011-03-06 18:05:54 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-01-07 23:56:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-12-15 07:14:06 504672 ----a-w- c:\windows\system32\ipcoin801.dll

============= FINISH: 13:08:32.28 ===============


-----------------------------------

The computer runs normally, as it did before; no changes so far. Going to uninstall AVG now; will report back when I do.
Last edited by superleggera on March 11th, 2011, 5:11 pm, edited 1 time in total.
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Unread postby Bob4 » March 10th, 2011, 9:27 pm

I need a new DDS log when you have finished uninstalling AVG
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Possible Infection?

Unread postby superleggera » March 11th, 2011, 5:11 pm

AVG uninstalled, updated the log
superleggera
Active Member
 
Posts: 8
Joined: March 2nd, 2011, 5:37 am

Re: Possible Infection?

Unread postby Bob4 » March 12th, 2011, 4:20 am

You'll be glad you changed your Anti Virus program.

Navigate to and delete these files and folders.

C:\SWSetup\AOLIMS\setup.exe < File
C:\Windows.old\Documents and Settings\SDFly\Documents\My Music\AVG Anti-Virus Professional 9.0 Build 663a1706 < Folder
D:\Miscellaneous\AVG\Keygen < Folder



Nice work. Your system seems to be clean again.
Just a few things to clean up some of what we used and a few preventative tips.




_____________________________
This process is going to clean up some of the tools we have used.
Open OTL.exe click on the cleanup button. You will be asked to reboot.
Please do so now to clean up some tools.



___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is so that, if you need System Restore later, you don't put back everything we just took out.

Vista and windows 7
  • Right click computer
  • click system properties
  • choose System protection.
  • Choose configure
  • Place a check mark by turn off system restore
    Windows will give you a warning click yes
  • Click APPLY
  • REBOOT the computer

Now go right back to the same place and place a check mark by System Restore.
Click APPLY and OK.


______________________________________
Windows Updates
Be certain automatic updates are turned on
Windows 7

This will ensure your computer always has the latest available security updates installed.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical/important updates.
I know rebooting sometimes can be at an inconvenient time. Postpone it till later. This will still take less time than we needed to fix your machine. ;-)


_________________________________
Replace your host file
What this does... A host file is a list of known bad sites.
When you click or type in a link the host file is checked first.
If that link you typed or clicked is in the host file, your browser will redirect you to http://127.0.0.1.
A page on your computer. Go ahead and click that. Then use the back button to come back.

Download HostsXpert v4.1 and unzip it to your desktop.
  • Double click on HostsXpert.exe
  • Click on Make writeable. (if Available) You should now see Make Readable.
  • Then click on Download<< MVPs Hosts << Replace. If your firewall asks allow it.
    Once it's done.
  • Click on Make Hosts Read Only to secure it against further infection.

______________________________________
  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
  • Click Start
  • Type services.msc in the box and hit <Enter>
  • Give permission to continue if necessary.
  • Scroll down to DNS Client on the list, Right Click it and choose Properties.
  • Under Service Status, click Stop. Wait until it reports the service stopped.
  • Under Startup Type, choose Disabled.
  • Then click Apply, OK

_______________________________________
Always watch closely any software you're installing.
If they want to install something more than their program stop right there and investigate what it is they want to place on your computer.
If they give you the option not to install it choose that until you investigate it completely.
The more you install that you don't want or need the more you'll wish you didn't.

Here's a good read, if you care to, on... So how did you get infected in the first place?



Safe and Happy Surfing. :)
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
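The hosts-file lookup Bob4 describes above (a listed name never reaches DNS and lands on the local machine instead), shown as an added example that is not part of the thread and not HostsXpert's or the MVPs list's own code. It parses a small constructed hosts file in the MVPs style and, going one step beyond the post, flags entries that point anywhere other than loopback, which is the kind of tampering the "Make Hosts Read Only" step guards against; every domain name and address in it is a placeholder.

```python
"""Hosts-file lookup and audit (added example, not from the forum post).

Models what happens once a blocklist such as the MVPs hosts file is installed:
a hostname present in the file is answered locally and never queried via DNS,
and a blocklisted name maps to a sinkhole address (127.0.0.1 or 0.0.0.0), so
the browser lands on the local machine instead of the bad site.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Addresses a blocklist legitimately points names at.  A hosts entry that maps
# a name anywhere else is not blocking it, it is redirecting it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the MVPs hosts-file style; names use the reserved
# .invalid TLD and the odd address is from the 198.51.100.0/24 documentation range.
SAMPLE_HOSTS = """\
# constructed sample hosts file (example only)
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example.invalid                  # blocklisted advertising host
0.0.0.0    tracker.example.invalid  stats.example.invalid
127.0.0.1  malware-download.example.invalid
198.51.100.7  update.antivirus.example.invalid  # not a sinkhole: suspicious
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address} for every usable entry in hosts-file text.

    Rules mirrored from the real format: '#' starts a comment, fields are
    whitespace separated, the first field is the address and every following
    field is a hostname for it, hostnames are case-insensitive, and the first
    mapping for a name wins because the resolver stops at the first match.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname is ignored by the resolver too
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed address: skip the line rather than crash
        for name in names:
            mapping.setdefault(name.lower(), address)
    return mapping


def resolve(hostname: str, hosts: Dict[str, str]) -> Optional[str]:
    """Hosts-file step of name resolution: the address, or None (fall through to DNS)."""
    return hosts.get(hostname.strip().rstrip(".").lower())


def is_blocked(hostname: str, hosts: Dict[str, str]) -> bool:
    """True when the hosts file sinkholes the name to the local machine."""
    return resolve(hostname, hosts) in SINKHOLE_ADDRESSES


def audit_hosts(hosts: Dict[str, str]) -> List[Tuple[str, str]]:
    """List (hostname, address) pairs that point somewhere other than a sinkhole.

    A blocklist only ever maps names to 127.0.0.1, 0.0.0.0 or ::1, so any other
    target (apart from the localhost entries themselves) deserves a look:
    hosts-file hijacks redirect update or banking sites to attacker addresses.
    """
    return [
        (name, address)
        for name, address in hosts.items()
        if name != "localhost" and address not in SINKHOLE_ADDRESSES
    ]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.invalid", "STATS.example.invalid", "www.example.invalid"):
        print(f"{name:26s} -> {resolve(name, table)}  blocked={is_blocked(name, table)}")
    for name, address in audit_hosts(table):
        print(f"suspicious entry: {name} -> {address}")
```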