Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

suspected spyware infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

suspected spyware infection

Unread postby wbrobins » March 26th, 2011, 11:28 pm

Running windows 7 64bit, my son was trying to find some pictures for wizard101 using google and brought his laptop out to me as it started doing some kind of virus scan(not AVG). Both log files from dds are posted below. can also get a HJT scan if needed.

thank you for your time.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Dad at 23:09:41.47 on Sat 03/26/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.859 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Users\Dad\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dad\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-1-29 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-1-29 802864]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-11-11 945200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-11-11 463408]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-1-29 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-29 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-11 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-1-29 130000]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-11 132656]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-11-11 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-11 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-03-27 02:02:04 -------- d--h--w- C:\$AVG
2011-03-16 16:12:18 -------- d-----w- C:\PROGRA~3\KingsIsle Entertainment
2011-03-10 01:38:34 -------- d-----w- C:\128775b72bc9da83e60cd1
.
==================== Find3M ====================
.
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:10:39.11 ===============


here is the attach text.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2011 11:53:37 PM
System Uptime: 3/26/2011 10:43:27 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 214 GiB total, 172.289 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.736 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 2/16/2011 5:41:34 PM - Windows Update
RP45: 2/16/2011 8:37:08 PM - Windows Update
RP46: 2/16/2011 9:34:18 PM - Windows Update
RP47: 2/18/2011 4:36:47 PM - Windows Update
RP48: 2/18/2011 5:07:16 PM - Windows Update
RP49: 2/18/2011 5:28:09 PM - Windows Update
RP50: 2/19/2011 9:16:19 AM - Windows Update
RP51: 2/19/2011 11:45:02 AM - Windows Update
RP52: 2/19/2011 5:11:35 PM - Windows Update
RP53: 2/19/2011 6:01:31 PM - Windows Update
RP54: 2/20/2011 8:17:14 AM - Windows Update
RP55: 2/20/2011 7:50:45 PM - HPSF Applying updates
RP56: 2/20/2011 8:02:00 PM - Installed HP Support Assistant
RP57: 2/20/2011 8:06:18 PM - Windows Modules Installer
RP58: 2/20/2011 8:07:27 PM - Windows Modules Installer
RP59: 2/21/2011 5:59:08 PM - Windows Update
RP60: 2/24/2011 3:56:18 PM - Windows Update
RP61: 2/24/2011 8:12:19 PM - Installed Java(TM) 6 Update 24
RP62: 3/7/2011 4:28:12 PM - HPSF Applying updates
RP63: 3/7/2011 4:36:10 PM - Installed Ralink Wireless LAN
RP64: 3/7/2011 4:40:23 PM - Removed HP Quick Launch
RP65: 3/7/2011 4:41:12 PM - Installed HP Quick Launch
RP66: 3/8/2011 4:38:09 PM - Windows Update
RP67: 3/9/2011 8:37:59 PM - Windows Update
RP68: 3/10/2011 7:06:11 AM - Windows Update
RP69: 3/16/2011 12:11:59 PM - Installed Wizard101
RP70: 3/17/2011 10:35:10 AM - Windows Update
RP71: 3/23/2011 5:48:53 PM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Compaq Setup Manager
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 24
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/25/2011 8:00:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
3/23/2011 8:49:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/23/2011 6:38:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/19/2011 11:28:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
wbrobins
Active Member
 
Posts: 5
Joined: March 26th, 2011, 11:17 pm
Advertisement
Register to Remove

Re: suspected spyware infection

Unread postby askey127 » March 28th, 2011, 6:30 pm

I would print this out first, to be sure you are doing everything in the correct sequence. Don't Guess.

We are going to remove your old Norton, the Adobe reader, and AVG 2011 antivirus and replace it with an antivirus called Avira Antivir.
This is necessary to for all our tools to work correctly.
(We will replace the Adobe Reader later).
Then we will have Antivir run a scan and give us a report without removing anything.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Norton Internet Security
AVG 2011
Adobe Reader 9.3.3 MUI

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: suspected spyware infection

Unread postby wbrobins » March 29th, 2011, 7:53 am

Thank you askey, I will have to wait until tomorrow(Wednesday) to do this as i am on the road right now but as soon as I get home, I will post the avira report.
wbrobins
Active Member
 
Posts: 5
Joined: March 26th, 2011, 11:17 pm

Re: suspected spyware infection

Unread postby wbrobins » March 30th, 2011, 7:21 am

Avira AntiVir Personal
Report file date: Wednesday, March 30, 2011 06:07

Scanning for 2542392 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRYAN-HP

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 18:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 18:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 18:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 18:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 18:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 18:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 18:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 18:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 18:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 18:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 18:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 18:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 18:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 18:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 22:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 20:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 22:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 20:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:14:22
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 12:14:22
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 12:14:23
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 12:14:23
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 12:14:24
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 12:14:25
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 12:14:25
VBASE028.VDF : 7.11.5.83 2048 Bytes 3/27/2011 12:14:25
VBASE029.VDF : 7.11.5.84 2048 Bytes 3/27/2011 12:14:26
VBASE030.VDF : 7.11.5.85 2048 Bytes 3/27/2011 12:14:26
VBASE031.VDF : 7.11.5.106 113664 Bytes 3/29/2011 12:14:26
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/29/2011 12:14:36
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/29/2011 12:14:35
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/29/2011 12:14:34
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/29/2011 12:14:32
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/29/2011 12:14:32
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/29/2011 12:14:27
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 18:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, March 30, 2011 06:07

Starting search for hidden objects.
C:\Users\Dad\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.609\images\pill_weather_150.png
C:\Users\Dad\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.609\images\pill_weather_150.png
[NOTE] The registry entry is invisible.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
C:\Program Files\Hewlett-Packard\HP Client Services\
C:\Program Files\Hewlett-Packard\HP Client Services\
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '31' Module(s) have been scanned
Scan process 'BingApp.exe' - '31' Module(s) have been scanned
Scan process 'BingBar.exe' - '74' Module(s) have been scanned
Scan process 'iexplore.exe' - '121' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '36' Module(s) have been scanned
Scan process 'iexplore.exe' - '79' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '47' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '34' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '28' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '37' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '89' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[WARNING] The file was ignored!
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[WARNING] The file was ignored!
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] The file was ignored!


End of the scan: Wednesday, March 30, 2011 07:17
Used time: 1:07:19 Hour(s)

The scan has been done completely.

32058 Scanned directories
1489784 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1489781 Files not concerned
3036 Archives were scanned
3 Warnings
0 Notes
426252 Objects were scanned with rootkit scan
3 Hidden objects were found
wbrobins
Active Member
 
Posts: 5
Joined: March 26th, 2011, 11:17 pm

Re: suspected spyware infection

Unread postby wbrobins » March 30th, 2011, 7:21 am

Avira AntiVir Personal
Report file date: Wednesday, March 30, 2011 06:07

Scanning for 2542392 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRYAN-HP

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 18:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 18:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 18:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 18:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 18:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 18:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 18:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 18:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 18:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 18:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 18:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 18:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 18:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 18:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 22:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 20:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 22:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 20:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:14:22
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 12:14:22
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 12:14:23
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 12:14:23
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 12:14:24
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 12:14:25
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 12:14:25
VBASE028.VDF : 7.11.5.83 2048 Bytes 3/27/2011 12:14:25
VBASE029.VDF : 7.11.5.84 2048 Bytes 3/27/2011 12:14:26
VBASE030.VDF : 7.11.5.85 2048 Bytes 3/27/2011 12:14:26
VBASE031.VDF : 7.11.5.106 113664 Bytes 3/29/2011 12:14:26
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/29/2011 12:14:36
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/29/2011 12:14:35
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/29/2011 12:14:34
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/29/2011 12:14:32
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/29/2011 12:14:32
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/29/2011 12:14:27
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 18:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, March 30, 2011 06:07

Starting search for hidden objects.
C:\Users\Dad\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.609\images\pill_weather_150.png
C:\Users\Dad\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.609\images\pill_weather_150.png
[NOTE] The registry entry is invisible.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
C:\Program Files\Hewlett-Packard\HP Client Services\
C:\Program Files\Hewlett-Packard\HP Client Services\
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '31' Module(s) have been scanned
Scan process 'BingApp.exe' - '31' Module(s) have been scanned
Scan process 'BingBar.exe' - '74' Module(s) have been scanned
Scan process 'iexplore.exe' - '121' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '36' Module(s) have been scanned
Scan process 'iexplore.exe' - '79' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '47' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '34' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '28' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '37' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '89' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[WARNING] The file was ignored!
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[WARNING] The file was ignored!
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] The file was ignored!


End of the scan: Wednesday, March 30, 2011 07:17
Used time: 1:07:19 Hour(s)

The scan has been done completely.

32058 Scanned directories
1489784 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1489781 Files not concerned
3036 Archives were scanned
3 Warnings
0 Notes
426252 Objects were scanned with rootkit scan
3 Hidden objects were found
wbrobins
Active Member
 
Posts: 5
Joined: March 26th, 2011, 11:17 pm

Re: suspected spyware infection

Unread postby askey127 » March 30th, 2011, 2:01 pm

Please Run The Antivir scan one more time. This time have it Delete or Quarantine anything it finds.
Then post the latest Scan Log.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: suspected spyware infection

Unread postby wbrobins » March 30th, 2011, 5:31 pm

Avira AntiVir Personal
Report file date: Wednesday, March 30, 2011 16:06

Scanning for 2548999 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRYAN-HP

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 18:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 18:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 18:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 18:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 18:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 18:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 18:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 18:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 18:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 18:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 18:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 18:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 18:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 18:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 22:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 20:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 22:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 20:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:14:22
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 12:14:22
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 12:14:23
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 12:14:23
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 12:14:24
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 12:14:25
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 12:14:25
VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 20:05:23
VBASE029.VDF : 7.11.5.123 2048 Bytes 3/30/2011 20:05:24
VBASE030.VDF : 7.11.5.124 2048 Bytes 3/30/2011 20:05:24
VBASE031.VDF : 7.11.5.133 62976 Bytes 3/30/2011 20:05:24
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/29/2011 12:14:36
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/29/2011 12:14:35
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/29/2011 12:14:34
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/29/2011 12:14:32
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/29/2011 12:14:32
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/29/2011 12:14:27
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 18:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, March 30, 2011 16:06

Starting search for hidden objects.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
C:\Program Files\Hewlett-Packard\HP Client Services\
C:\Program Files\Hewlett-Packard\HP Client Services\
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '83' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '31' Module(s) have been scanned
Scan process 'BingApp.exe' - '31' Module(s) have been scanned
Scan process 'BingBar.exe' - '72' Module(s) have been scanned
Scan process 'iexplore.exe' - '109' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '36' Module(s) have been scanned
Scan process 'iexplore.exe' - '79' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '47' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '34' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '28' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '37' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '89' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\gadget.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '486b059b.qua'.
C:\Users\Bryan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\My00WebCam[1].gadget\flyout.html
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '53072a37.qua'.
C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AE8Q5LPJ\InstallSystemDefender_085[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '015270d9.qua'.


End of the scan: Wednesday, March 30, 2011 17:29
Used time: 1:11:44 Hour(s)

The scan has been done completely.

32212 Scanned directories
1490132 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1490129 Files not concerned
3035 Archives were scanned
0 Warnings
3 Notes
426070 Objects were scanned with rootkit scan
2 Hidden objects were found
wbrobins
Active Member
 
Posts: 5
Joined: March 26th, 2011, 11:17 pm

Re: suspected spyware infection

Unread postby askey127 » March 30th, 2011, 6:17 pm

wbrobins,
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button

Let me know if you see any funny behavior after the chenges we have made.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: suspected spyware infection

Unread postby askey127 » April 3rd, 2011, 7:37 am

As this issue appears to be Resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 107 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware