Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I'm infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think I'm infected

Unread postby mjp1531 » November 9th, 2011, 2:22 pm

I'm using a laptop running Windows 7 (64). Just yesterday I noticed that anytime I open either of my browsers (IE and Chrome) I am redirected to something called Smartwebsearch.net Please help!!!

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Melissa at 10:14:02 on 2011-11-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.4032 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
uRun: [NTServiceManager] C:\Program Files (x86)\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1A89C5C6-1710-481B-A678-438666A72933} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-10-13 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-8 366152]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-9-18 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-9-18 126392]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-9-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-09 18:08:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D10E69D-B80B-4B57-9FE9-EA3D217F84B4}\offreg.dll
2011-11-09 18:08:49 388096 ----a-r- C:\Users\Melissa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-09 17:59:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-09 06:29:48 -------- d-----w- C:\Users\Melissa\AppData\Roaming\AVG
2011-11-09 06:28:02 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-09 06:23:12 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2011-11-09 06:23:12 1071088 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-11-09 06:23:11 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-11-09 06:20:27 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-09 05:11:56 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Youtube Downloader HD
2011-11-09 05:09:24 -------- d-----w- C:\Program Files\YoutubeDownloader.org
2011-11-09 05:08:42 -------- d-----w- C:\Program Files (x86)\YoutubeDownloader.org
2011-11-09 04:52:47 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-11-09 04:52:42 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-11-09 00:56:54 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Malwarebytes
2011-11-09 00:56:44 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-09 00:56:41 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-09 00:56:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 22:08:16 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 22:08:16 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 22:08:15 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-11-08 22:08:14 3144704 ----a-w- C:\windows\System32\win32k.sys
2011-11-08 10:07:01 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D10E69D-B80B-4B57-9FE9-EA3D217F84B4}\mpengine.dll
2011-11-07 20:19:49 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-03 19:39:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-29 20:10:14 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-29 20:10:01 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-28 03:27:26 -------- d-----w- C:\Users\Melissa\AppData\Roaming\IVideoWare
2011-10-28 01:50:18 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-27 23:33:34 -------- d-----w- C:\Users\Melissa\AppData\Roaming\SulusGames
2011-10-27 23:27:26 -------- d-----w- C:\ProgramData\MumboJumbo
2011-10-27 23:25:16 -------- d-----w- C:\Program Files (x86)\Foxy Games
2011-10-27 23:25:16 -------- d-----w- C:\Downloads
2011-10-27 16:17:57 -------- d-----w- C:\Users\Melissa\[ UsaBit.com ] - The.Change-Up.PROPER.UNRATED.DVDRip.XviD-COCAIN
2011-10-27 03:27:19 -------- d-----w- C:\Users\Melissa\AppData\Local\WinZip
2011-10-27 02:22:14 -------- d-----w- C:\Program Files (x86)\Games
2011-10-27 02:19:55 -------- d-----w- C:\Users\Melissa\AppData\Local\CrashDumps
2011-10-27 02:13:21 -------- d-----w- C:\ProgramData\SpecialBit
2011-10-24 21:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-10-20 20:10:36 85504 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2011-10-20 20:10:35 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-10-20 20:07:56 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2011-10-20 20:07:51 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2011-10-20 20:07:37 -------- d-----w- C:\ProgramData\TVersity
2011-10-18 16:54:32 53248 ----a-r- C:\Users\Melissa\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-10-18 16:52:46 -------- d-----w- C:\Users\Melissa\AppData\Local\Downloaded Installations
2011-10-18 16:50:15 -------- d-----w- C:\Users\Melissa\AppData\Local\Research In Motion
2011-10-18 16:50:14 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Research In Motion
2011-10-18 16:44:39 31744 ----a-w- C:\windows\System32\drivers\RimSerial_AMD64.sys
2011-10-18 16:44:04 -------- d-----w- C:\ProgramData\Research In Motion
2011-10-18 16:43:47 -------- d-----w- C:\Program Files (x86)\Research In Motion
2011-10-18 16:43:47 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2011-10-15 02:54:08 -------- d-----w- C:\fad686a0773a46b5dd35fc
2011-10-14 20:51:57 -------- d-----w- C:\windows\SysWow64\Wat
2011-10-14 20:51:55 -------- d-----w- C:\windows\System32\Wat
2011-10-14 15:23:59 -------- d-----w- C:\Users\Melissa\AppData\Local\Adobe
2011-10-13 19:39:49 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-10-13 19:39:37 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-10-13 19:39:15 41184 ----a-w- C:\windows\avastSS.scr
2011-10-13 19:39:06 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-13 19:39:06 -------- d-----w- C:\Program Files\AVAST Software
2011-10-13 19:18:21 -------- d-----w- C:\Program Files\CCleaner
2011-10-13 02:08:28 -------- d-----w- C:\Users\Melissa\AppData\Local\Diagnostics
2011-10-12 19:36:48 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-12 18:17:00 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-10-12 16:06:35 -------- d-----w- C:\Users\Melissa\AppData\Local\SoftGrid Client
2011-10-12 16:06:34 -------- d-----w- C:\Users\Melissa\AppData\Roaming\SoftGrid Client
2011-10-12 16:05:37 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-10-12 16:05:27 -------- d-----w- C:\Users\Melissa\AppData\Roaming\TP
2011-10-12 15:37:26 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Tific
2011-10-12 12:55:01 -------- d-----w- C:\ProgramData\Toshiba Book Place
2011-10-12 12:54:38 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Book Place
2011-10-12 03:34:21 -------- d-----w- C:\Users\Melissa\AppData\Local\Apple Computer
2011-10-12 03:34:12 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-10-12 03:34:12 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-10-12 03:34:12 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-10-12 03:33:54 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-12 03:33:54 -------- d-----w- C:\Program Files\iTunes
2011-10-12 03:33:54 -------- d-----w- C:\Program Files\iPod
2011-10-12 03:33:54 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-12 03:33:18 -------- d-----w- C:\Users\Melissa\AppData\Local\Apple
2011-10-12 03:03:23 -------- d-----w- C:\Program Files (x86)\Conduit
2011-10-12 03:03:23 -------- d-----w- C:\extensions
2011-10-12 03:03:22 -------- d-----w- C:\Users\Melissa\AppData\Local\Conduit
2011-10-12 03:02:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-10-12 03:01:34 -------- d-----w- C:\Users\Melissa\AppData\Roaming\uTorrent
2011-10-12 03:01:34 -------- d-----w- C:\Users\Melissa\AppData\Local\uTorrent
2011-10-12 01:08:56 -------- d-----r- C:\Program Files (x86)\Skype
2011-10-12 01:05:38 -------- d-----w- C:\Users\Melissa\AppData\Local\Google
2011-10-12 00:52:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-10-12 00:49:12 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-12 00:45:37 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-10-12 00:45:37 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-10-12 00:45:37 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-10-12 00:45:37 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-10-12 00:45:35 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-10-12 00:45:35 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-10-12 00:45:34 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-10-11 23:42:14 -------- d-----w- C:\Users\Melissa\AppData\Local\ATI
2011-10-11 23:42:02 -------- d-----w- C:\Users\Melissa\AppData\Local\TOSHIBA
2011-10-11 23:41:26 -------- d-----w- C:\Users\Melissa\AppData\Local\VirtualStore
2011-10-11 23:40:49 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2011-10-11 23:40:13 -------- d-----w- C:\Users\Melissa\AppData\Roaming\WinBatch
.
==================== Find3M ====================
.
2011-10-23 01:50:27 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-18 15:14:50 0 ----a-w- C:\windows\ativpsrm.bin
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-17 05:26:46 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
.
============= FINISH: 10:16:50.58 ===============



ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2011 4:39:30 PM
System Uptime: 11/9/2011 10:05:30 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | TKBSS
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | CPU 1 | 1400/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 514.145 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\019181FEFF4CE00000
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\019181FEFF4CE00000
Service: RTL8192Ce
.
==== System Restore Points ===================
.
RP33: 11/8/2011 9:58:23 PM - Removed YouTube Downloader Toolbar v4.7.
RP34: 11/8/2011 10:02:06 PM - Windows Update
RP35: 11/8/2011 10:20:05 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP36: 11/8/2011 10:53:48 PM - StopZILLA! Restore Point.
RP37: 11/9/2011 9:45:30 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP38: 11/9/2011 9:59:23 AM - Installed HiJackThis
RP39: 11/9/2011 10:01:56 AM - Removed HiJackThis
RP40: 11/9/2011 10:08:09 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
7 Wonders - Magical Mystery Tour
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1) MUI
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
avast! Free Antivirus
AVG PC Tuneup 2011 10.0.0.24
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corel WinDVD
D3DX10
ffdshow [rev 3154] [2009-12-09]
Google Chrome
Google Update Helper
HiJackThis
ImgBurn
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nocturnal - Boston Nightfall 1.00
PlayReady PC Runtime x86
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Launcher
Skype™ 5.5
SpywareBlaster 4.4
Strange Cases 3 - The Secrets of Grey Mist Lake CE
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
Xiph.Org Open Codecs 0.85.17777
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 9:46:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
11/9/2011 10:06:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5
11/8/2011 10:53:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/8/2011 10:53:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
mjp1531
Active Member
 
Posts: 14
Joined: November 9th, 2011, 1:42 pm
Advertisement
Register to Remove

Re: I think I'm infected

Unread postby diver79 » November 10th, 2011, 6:23 pm

Hi and welcome to MalwareRemoval.com, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
diver79 wrote:Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: I think I'm infected

Unread postby mjp1531 » November 11th, 2011, 10:19 am

Thank you :) I look forward to getting this issue cleared up asap. It is quite annoying.
mjp1531
Active Member
 
Posts: 14
Joined: November 9th, 2011, 1:42 pm

Re: I think I'm infected

Unread postby diver79 » November 12th, 2011, 6:49 am

Hi mjp1531,

Please run the following scans and reply back with the logs.

MGA Diagnostic Tool Vista/Win7
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Scan with WVCheck:
Please download WVCheck and save it to the desktop.
  • Right-click WVCheck.exe > select " Run as administrator " and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: I think I'm infected

Unread postby mjp1531 » November 12th, 2011, 3:06 pm

Ok here goes:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {3472AF4B-BAEB-40CC-982B-652986D753E0}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3472AF4B-BAEB-40CC-982B-652986D753E0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-1063373011-3531056345-1856473049</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L775D</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1.30</Version><SMBIOSVersion major="2" minor="7"/><Date>20110511000000.000000+000</Date></BIOS><HWID>40FA3807018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSASU</OEMID><OEMTableID>TOSASU00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800057-02-1033-7601.0000-2072011
Installation ID: 000434608471622075875652411835474905675602203283351642
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: W8DQG
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 11/12/2011 10:54:05 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAonbqjsTu7vtGodQupiYeo7x5Yj1oN0L3AGo=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSASU TOSASU00
FACP TOSASU TOSASU00
HPET TOSASU TOSASU00
MCFG A M I GMCH945.
ECDT TOSASU TOSASU00
SLIC TOSASU TOSASU00
SSDT AMD POWERNOW
SSDT AMD POWERNOW


Windows Validation Check
Version: 1.9.12.5
Log Created On: 1057_12-11-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-11-12 06:22:14
Last Success Time for Update Download: 2011-11-12 06:23:49
Last Success Time for Update Installation: 2011-11-11 11:00:48


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 19:23:48
Modification; 20/11/2010 19:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 19:23:48
Modification; 20/11/2010 19:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/11/2010 19:24:21
Modification; 20/11/2010 19:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 19:23:48
Modification; 20/11/2010 19:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3




CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.KHAAAI
----- EOF -----



-------- End of File, program close at 1059_12-11-2011 --------
mjp1531
Active Member
 
Posts: 14
Joined: November 9th, 2011, 1:42 pm

Re: I think I'm infected

Unread postby diver79 » November 13th, 2011, 10:33 am

Hi mjp1531,

Remove P2P Programs
  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
    uTorrent
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


Step 1 - Uninstall Programs
  • Click on the start Orb
  • Type appwiz.cpl in the Search Programs and files search field, and press enter.
  • Press the Uninstall button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
  • While you are there please also uninstall the below programs.
    • HiJackThis
    • Java(TM) 6 Update 25


Step 2 - TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select Run as Administrator to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Step 3 - OTL Scan
  • Download OTL to your desktop.
  • Right click on OTL.exe and select Run as Administrator. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: I think I'm infected

Unread postby Cypher » November 16th, 2011, 1:13 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 122 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware