Duplicate-DDS log, again...... zzzzzzzz taking over lol.

Post by WormUSB » July 18th, 2012, 12:09 am

I can blame this on my mom, but yeah, I was just on the web, then coupon companion exe amazing apps wanted me to allow it. I then found its location and deleted it. (program files x86)
wtf right, where did that come from.

Right after I noticed this bad boy came up in my local disk C
3590F75ABA9E485486C100C1A9D4FF06Z.ZZZ.ZZ...Z.Z.Z

It's full of files with the name zzzzzzz and lots of it.


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Esc at 0:05:46 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.880 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit=userinit.exe
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{1EEDA798-E924-4A11-BB2F-A76B7ADF9AD1} : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{2B34A124-1301-48A1-9D9D-472578B6EFCD} : DhcpNameServer = 192.168.0.1 216.165.129.158
BHO-X64: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll
BHO-X64: CrossriderApp0004493 - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-6 1262400]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-29 250056]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-18 06:24:03 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZ.ZZ...Z.Z.Z
2012-07-18 06:22:35 -------- d-----w- C:\Users\Esc\AppData\Local\Google
2012-07-18 06:22:33 -------- d-----w- C:\Users\Esc\AppData\Local\Coupon Companion
2012-07-17 18:49:25 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF574931-829D-4FDE-9E08-CD5E803E6395}\gapaengine.dll
2012-07-17 18:49:15 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63414C21-6835-45D0-A022-342A4251A06B}\mpengine.dll
2012-07-17 18:46:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-17 18:46:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-17 18:32:09 -------- d-----w- C:\Program Files\CCleaner
2012-07-17 18:27:40 202511 ----a-w- C:\ProgramData\1342549526.bdinstall.bin
2012-07-15 06:09:01 -------- d-----w- C:\ProgramData\BDLogging
2012-07-15 06:08:34 511328 ----a-w- C:\Windows\capicom.dll
2012-07-15 06:08:33 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-15 06:06:55 1700 ----a-w- C:\ProgramData\1342331698.3276.bin
2012-07-15 06:01:36 -------- d-----w- C:\Users\Esc\AppData\Roaming\QuickScan
2012-07-15 05:59:30 8546 ----a-w- C:\ProgramData\1342331698.2644.bin
2012-07-15 05:59:30 183054 ----a-w- C:\ProgramData\1342331698.432.bin
2012-07-15 05:59:29 7401 ----a-w- C:\ProgramData\1342331698.1644.bin
2012-07-15 05:59:29 13592 ----a-w- C:\ProgramData\1342331698.1036.bin
2012-07-15 05:59:29 1090 ----a-w- C:\ProgramData\1342331698.1792.bin
2012-07-15 05:59:29 1090 ----a-w- C:\ProgramData\1342331698.1068.bin
2012-07-15 05:59:15 3041 ----a-w- C:\ProgramData\1342331698.288.bin
2012-07-15 05:55:01 135546 ----a-w- C:\ProgramData\1342331698.2028.bin
2012-07-15 05:54:59 40588 ----a-w- C:\ProgramData\1342331698.2900.bin
2012-07-15 05:54:58 123487 ----a-w- C:\ProgramData\1342331698.1664.bin
2012-07-15 05:27:54 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-15 05:27:48 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92F29626-458F-402F-9C8F-CE2FBEFB272E}\mpengine.dll
2012-07-12 02:25:55 -------- d-----w- C:\Users\Esc\AppData\Local\ElevatedDiagnostics
2012-07-12 02:07:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 01:45:55 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-06 13:47:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-07-06 13:45:37 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-06 13:45:37 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-06 13:45:36 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-07-06 13:45:36 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-07-06 13:32:39 506400 ----a-w- C:\Windows\System32\NVUNINST.EXE
2012-07-06 13:32:20 -------- d-----w- C:\NVIDIA
2012-07-05 23:06:59 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-07-05 22:57:19 -------- d--h--w- C:\Windows\msdownld.tmp
2012-07-05 22:57:19 -------- d-----w- C:\Windows\SysWow64\directx
2012-07-02 02:35:02 -------- d-----w- C:\Users\Esc\AppData\Local\Diagnostics
2012-07-01 21:05:30 2061928 ----a-w- C:\Windows\System32\drivers\RTL85n64.sys
2012-07-01 21:05:30 -------- d-----w- C:\Program Files\TRENDnet
2012-06-30 08:51:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-06-30 05:34:58 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-06-30 05:34:02 -------- d-----w- C:\ProgramData\Blizzard
2012-06-30 05:17:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-30 05:17:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-30 04:52:22 -------- d--h--w- C:\ProgramData\Common Files
2012-06-30 04:50:31 -------- d-----w- C:\Users\Esc\AppData\Roaming\Malwarebytes
2012-06-30 04:50:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 04:50:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-30 04:50:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-30 04:42:31 -------- d-----w- C:\ProgramData\MFAData
2012-06-30 03:59:59 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-30 03:59:58 -------- d-----w- C:\Windows\System32\Wat
2012-06-30 03:58:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-30 03:58:39 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-06-30 03:50:11 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-06-30 03:50:11 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-30 03:50:11 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-06-30 02:48:13 -------- d-----w- C:\Windows\Panther
2012-06-30 02:38:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-30 02:38:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-30 02:38:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-30 02:38:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-30 02:38:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-30 02:38:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-30 02:38:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-30 02:33:49 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-30 02:32:39 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-30 02:31:57 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-30 02:30:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-30 02:30:58 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-30 02:30:46 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-30 02:30:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-30 02:30:42 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-06-30 02:30:41 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-30 02:30:40 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-06-30 02:30:40 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-06-30 02:30:39 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-06-30 02:30:39 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-06-30 02:29:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-30 02:29:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-30 02:26:49 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 02:26:49 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2012-06-30 02:26:49 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-30 02:26:49 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-30 02:26:48 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-30 02:26:48 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-30 02:21:26 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-30 02:21:26 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-30 02:21:26 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-30 02:21:25 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-06-30 02:20:26 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-30 02:20:25 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-30 02:19:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-30 02:19:16 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-30 02:19:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-30 02:15:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-30 02:15:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-30 02:15:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-30 02:15:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-30 02:10:12 -------- d-----w- C:\Program Files (x86)\TRENDnet
2012-06-30 02:09:42 -------- d-sh--w- C:\Windows\Installer
2012-06-29 16:24:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-29 16:24:40 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-29 15:47:09 -------- d-----w- C:\Windows\System32\SPReview
2012-06-29 15:43:58 98304 ----a-w- C:\Windows\SysWow64\nslookup.exe
2012-06-29 15:40:41 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-06-29 15:39:56 501248 ----a-w- C:\Windows\System32\WinSATAPI.dll
2012-06-29 15:38:59 156160 ----a-w- C:\Windows\System32\prntvpt.dll
2012-06-29 15:37:59 89088 ----a-w- C:\Windows\System32\amstream.dll
2012-06-29 14:11:26 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-29 13:49:59 849920 ----a-w- C:\Windows\System32\qmgr.dll
2012-06-29 13:48:59 769536 ----a-w- C:\Windows\System32\sud.dll
2012-06-29 13:47:59 457216 ----a-w- C:\Windows\System32\imkr80.ime
2012-06-29 13:45:18 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-06-29 13:45:13 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-06-29 13:21:10 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-06-29 13:21:10 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-06-29 13:21:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-29 13:21:08 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-06-29 13:21:08 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-06-29 13:21:07 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-06-29 13:21:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-29 13:21:07 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-06-29 13:21:07 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-06-29 13:21:07 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-06-29 13:21:07 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-06-29 13:12:52 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-29 13:12:51 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-29 13:12:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-29 13:12:51 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-29 13:12:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-29 13:12:51 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-29 13:12:51 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-21 21:38:57 -------- d-sh--w- C:\Recovery
2012-06-19 07:32:36 439672 ----a-w- C:\Windows\System32\drivers\b57nd60a.sys
.
==================== Find3M ====================
.
2012-06-29 15:54:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-29 15:54:40 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 0:06:45.89 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2012 7:05:35 PM
System Uptime: 7/17/2012 9:57:20 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0YP696
Processor: AMD Athlon(tm) Processor 1640B | Socket M2 | 2705/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 103.494 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01EC1028&REV_02\4&1161B83A&0&0018
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01EC1028&REV_02\4&1161B83A&0&0018
Service: b57nd60a
.
==== System Restore Points ===================
.
RP19: 7/11/2012 7:01:47 PM - Windows Update
RP20: 7/14/2012 10:21:45 PM - avast! Internet Security Setup
RP21: 7/14/2012 10:27:12 PM - Windows Update
RP22: 7/17/2012 12:01:11 PM - Windows Update
RP23: 7/17/2012 12:05:01 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Coupon Companion
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
TRENDnet 802.11g Wireless CardBus/PCI Adapter
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
7/17/2012 9:57:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/17/2012 12:06:17 PM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2012 12:06:17 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
7/17/2012 12:02:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063).
7/17/2012 12:02:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/17/2012 12:02:33 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2012 12:02:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/17/2012 11:26:02 AM, Error: Service Control Manager [7031] - The Bitdefender Desktop Parental Control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2012 11:16:50 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Re: DDS log, again...... zzzzzzzz taking over lol.

Post by askey127 » July 18th, 2012, 6:33 am

Archived - This is a duplicate post.