BleepingComputer.com: Windows Hosts trojan - DDS Log

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Windows Hosts trojan - DDS Log

#1 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 04 December 2011 - 04:12 AM

I run Windows 64-bit so I couldn't run GMER
LINK BACK TO ORIGINAL TOPIC: http://www.bleepingcomputer.com/forums/topic428090.html/page__pid__2495837

DDS Log said:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Clayton at 4:02:31 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4026.1973 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Clayton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\3445452584745756374775962756C6563737 : DhcpNameServer = 66.59.149.70 139.142.2.3 209.135.99.3
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\47B6562727 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F67B5C88-C6AF-4E07-B18C-A3326AB644E0} : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clayton\AppData\Roaming\Mozilla\Firefox\Profiles\7j8lb8zu.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_96.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-7-14 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-18 353168]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-6 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-4-13 312152]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service --> C:\Windows\system32\lxbccoms.exe -service [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-31 1153368]
R2 SDHookService;Spybot-S&D 2 Hooks Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-7-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-7-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-6-17 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-6-17 169624]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-6 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-10-31 252064]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 03:22:33 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5A2B7F0-96E2-4F5A-91DC-60728E137F2F}\offreg.dll
2011-12-03 21:22:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{B38F6C97-EF87-42B1-AB10-D51083BF5F38}
2011-12-03 21:21:51 -------- d-----w- C:\Users\Clayton\AppData\Local\{7CD38C48-A068-4A7C-A318-AECADCA8E4E7}
2011-12-03 09:30:57 -------- d-----w- C:\Users\Clayton\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 09:30:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-03 09:30:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-03 09:21:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{21C3FADF-AC3B-4D03-86F4-DA5A183FA0B1}
2011-12-03 09:21:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{223D6265-FD4B-4F9C-912A-27E334548F5E}
2011-12-02 21:14:46 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5A2B7F0-96E2-4F5A-91DC-60728E137F2F}\mpengine.dll
2011-12-02 21:10:20 -------- d-----w- C:\Users\Clayton\AppData\Local\{5879C9D2-59C3-4B0C-A36D-1855145CB280}
2011-12-02 21:10:04 -------- d-----w- C:\Users\Clayton\AppData\Local\{3CF10B40-94D5-4286-A884-6F905EC21F0E}
2011-12-01 22:47:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{245BBED3-F16F-4DEB-9CD8-528C4A095063}
2011-12-01 22:46:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{D4B4FDBE-36FB-4CCD-845D-08AD04F50BA5}
2011-12-01 17:20:34 -------- d-----w- C:\Users\Clayton\AppData\Local\{DD47933B-3381-44DB-B663-576682DF9B14}
2011-12-01 04:16:13 -------- d-----w- C:\Users\Clayton\AppData\Local\{0950CF68-8128-4789-A443-186E845796EB}
2011-11-30 16:15:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{CC7D9D72-FBC6-480E-B5F9-A5714E5C6662}
2011-11-30 16:15:24 -------- d-----w- C:\Users\Clayton\AppData\Local\{C64AC54A-86F5-4552-B38F-60373E64E3FD}
2011-11-29 16:27:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{CA58DEAD-071F-4325-914A-2AD1CB18417F}
2011-11-29 16:27:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{463138E6-A8D1-491D-B4ED-6495E69B1D4D}
2011-11-29 03:27:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{402B759C-F548-4503-882E-972FC20EC12B}
2011-11-28 15:26:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{2C08F0B5-B359-484F-875C-5B75AC32AEAD}
2011-11-28 15:26:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{136EC6C4-3D6A-4A3C-B2AE-C4A1C7CA510B}
2011-11-28 01:37:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{5F2B9E92-BD05-4E50-A295-7232A47516BB}
2011-11-27 13:36:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{98E0C552-1C54-4A62-B3A4-E267259FDC75}
2011-11-27 13:36:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{111D5C03-CC66-4798-9AEA-AC8AC6CBFD7E}
2011-11-27 01:30:42 -------- d-----w- C:\Users\Clayton\AppData\Local\{B193A0A3-0B27-4BA0-97F6-ACA80105340A}
2011-11-27 01:30:31 -------- d-----w- C:\Users\Clayton\AppData\Local\{71E7023D-29EF-4E18-873A-A73612B84BA1}
2011-11-26 13:30:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{277463E2-0FD3-410C-B81D-CB15F4082B18}
2011-11-26 13:29:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{1CE97973-1C8B-468B-A288-C3696B245E16}
2011-11-25 21:17:52 -------- d-----w- C:\Users\Clayton\AppData\Local\{413AA8B9-6308-405C-8029-6AC0FA43B934}
2011-11-25 09:17:26 -------- d-----w- C:\Users\Clayton\AppData\Local\{95E36440-BE1D-4AE0-8196-6B753E1FC491}
2011-11-25 09:17:14 -------- d-----w- C:\Users\Clayton\AppData\Local\{2534C35C-365C-4671-9C48-A231C149CF18}
2011-11-24 12:07:24 -------- d-----w- C:\Users\Clayton\AppData\Local\{E7DE500E-CFCA-427D-8EE3-15B1D41FB36C}
2011-11-24 12:07:10 -------- d-----w- C:\Users\Clayton\AppData\Local\{A07C1561-F493-451B-B134-40812593840B}
2011-11-23 14:07:41 -------- d-----w- C:\Users\Clayton\AppData\Local\{B2FAC743-A87D-4D22-83C2-70E344F5479D}
2011-11-23 14:07:29 -------- d-----w- C:\Users\Clayton\AppData\Local\{C58DE484-E502-47DF-AB60-65CE3BAEBA82}
2011-11-23 02:07:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{71A6B842-B749-4A3B-B59B-980E33EE4C40}
2011-11-23 02:06:46 -------- d-----w- C:\Users\Clayton\AppData\Local\{E7E4E414-751E-421D-8E9D-813EBD765986}
2011-11-22 12:56:53 -------- d-----w- C:\Users\Clayton\AppData\Local\{3E6416FB-D189-4153-91C2-172F725BF2FC}
2011-11-22 00:56:19 -------- d-----w- C:\Users\Clayton\AppData\Local\{C39B3DC8-F1BD-4BB7-8232-4EE9E12F9E92}
2011-11-22 00:56:07 -------- d-----w- C:\Users\Clayton\AppData\Local\{1CE91E94-EC9F-47E1-BEB9-2058FB9B4489}
2011-11-21 12:26:30 -------- d-----w- C:\Users\Clayton\AppData\Local\{A6141228-953F-4A9C-B198-21FA83F110BB}
2011-11-21 12:26:18 -------- d-----w- C:\Users\Clayton\AppData\Local\{C2633B24-648B-4A00-8CD4-18A733284D08}
2011-11-21 00:25:39 -------- d-----w- C:\Users\Clayton\AppData\Local\{59FA4E79-2598-437D-A578-DAFEEBD30E01}
2011-11-21 00:25:27 -------- d-----w- C:\Users\Clayton\AppData\Local\{D0C06D0B-49DB-4C2E-BC99-A16152F96C47}
2011-11-20 09:43:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{38C837FF-0BB1-480A-B14E-9887E1C9A233}
2011-11-19 21:42:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{AA42FC28-DC45-4E92-ACFB-C44B3101714E}
2011-11-19 21:42:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{ACB29469-4B11-4064-A78A-746F751F798D}
2011-11-19 09:42:10 -------- d-----w- C:\Users\Clayton\AppData\Local\{62D01A7E-AD0B-4E8D-9853-2B0CB9D4FE0D}
2011-11-19 09:41:57 -------- d-----w- C:\Users\Clayton\AppData\Local\{3618BF0D-DD53-4CA0-AD37-555C90F91952}
2011-11-18 21:41:15 -------- d-----w- C:\Users\Clayton\AppData\Local\{3C43912E-580B-418B-878F-8231EEA34AAC}
2011-11-18 21:41:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{F2578274-F3D9-48B9-8FED-D8F8F1605B6E}
2011-11-18 03:46:56 -------- d-----w- C:\Users\Clayton\AppData\Local\{8A3E136D-3C75-4EDA-9B38-9A132CCC4B1A}
2011-11-18 03:46:45 -------- d-----w- C:\Users\Clayton\AppData\Local\{B7F49419-8018-49CD-AF09-FD1A8F891A91}
2011-11-17 15:46:14 -------- d-----w- C:\Users\Clayton\AppData\Local\{3891B88D-27EE-4EC9-8336-4A32565DF14A}
2011-11-17 15:46:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{82DD74A0-0732-4268-9488-1012517E017E}
2011-11-16 22:14:58 -------- d-----w- C:\Users\Clayton\AppData\Local\{81E419CF-1C1C-4B7A-B27D-ED1D4FFCFB9B}
2011-11-16 22:14:46 -------- d-----w- C:\Users\Clayton\AppData\Local\{702779AF-5C59-4BC5-9F65-9CDE188BD96F}
2011-11-16 10:14:19 -------- d-----w- C:\Users\Clayton\AppData\Local\{21E57D2B-1A29-412C-9D82-FE8E026C7B64}
2011-11-16 10:14:07 -------- d-----w- C:\Users\Clayton\AppData\Local\{156060E2-5F42-4170-BD5C-C5415B935E60}
2011-11-15 22:13:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{06DAEE90-03BE-41C7-86C5-C95D32D8DF51}
2011-11-15 22:13:26 -------- d-----w- C:\Users\Clayton\AppData\Local\{1FD53CA5-8D2C-4A33-AF19-B3813B70B89C}
2011-11-15 10:12:58 -------- d-----w- C:\Users\Clayton\AppData\Local\{BADDF341-37D6-46A8-BEF1-7ABCF4B7E5DF}
2011-11-14 22:12:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{5538A0D5-D7CE-41DB-8D76-E4D0A9FD5A72}
2011-11-14 22:12:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{884BB27F-8E4A-4FD4-B960-775DE7A3EF68}
2011-11-13 21:59:16 -------- d-----w- C:\Users\Clayton\AppData\Local\{7CE48D96-D0CD-44EE-8B06-B86D75321DA2}
2011-11-13 21:59:00 -------- d-----w- C:\Users\Clayton\AppData\Local\{DC8727DC-F54C-4894-AA81-1E97E9971EE1}
2011-11-13 05:14:22 -------- d-----w- C:\Users\Clayton\AppData\Local\{9D10A218-3D91-4B72-BC9E-BEA2BF1CAB93}
2011-11-12 17:13:55 -------- d-----w- C:\Users\Clayton\AppData\Local\{9F41AC63-D13E-47E8-B670-3953915E7F8D}
2011-11-12 17:13:44 -------- d-----w- C:\Users\Clayton\AppData\Local\{7E4F4688-E5F1-4D94-9074-752BF0E595B8}
2011-11-12 05:13:16 -------- d-----w- C:\Users\Clayton\AppData\Local\{41A6C138-33D0-4A8C-832B-F25650A4A742}
2011-11-12 05:13:04 -------- d-----w- C:\Users\Clayton\AppData\Local\{D0C395F5-7492-4675-AFAF-5751932AE186}
2011-11-11 17:15:19 633816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-11-11 17:15:19 555992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-11-11 17:15:19 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-11-11 17:15:19 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-11-11 17:12:31 -------- d-----w- C:\Users\Clayton\AppData\Local\{381E2BF3-EA57-496F-9A20-75261F2D08AA}
2011-11-11 17:12:15 -------- d-----w- C:\Users\Clayton\AppData\Local\{C07AB69C-0C1A-42D9-BEA0-A1AF7AF4AF73}
2011-11-11 01:35:34 -------- d-----w- C:\Users\Clayton\AppData\Local\{94FCC407-2B64-4256-8329-1E87A6FDC57A}
2011-11-10 13:35:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{35648DC5-0408-49DD-AA92-6DBD8DED7639}
2011-11-10 13:34:56 -------- d-----w- C:\Users\Clayton\AppData\Local\{20B6F426-29CC-4C85-BAE7-EA4F035887CE}
2011-11-10 01:34:29 -------- d-----w- C:\Users\Clayton\AppData\Local\{0706A828-5296-4045-98DB-A11405FFF5FF}
2011-11-09 18:36:10 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 18:36:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 18:36:08 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 18:36:06 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 13:34:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{B3FE3721-39D3-4047-B150-B8CFEDBFB49C}
2011-11-09 13:33:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{15F2B1AD-405B-4F27-AA78-9F7CC6639A4F}
2011-11-08 21:02:32 -------- d-----w- C:\Users\Clayton\AppData\Local\{98D872F7-9DAB-4B7D-9E33-14458525D629}
2011-11-08 21:02:20 -------- d-----w- C:\Users\Clayton\AppData\Local\{E1B8508D-CF05-4E8A-8BD4-167D86926749}
2011-11-08 09:01:52 -------- d-----w- C:\Users\Clayton\AppData\Local\{5C479FAE-148C-482E-AF5C-BCF046378494}
2011-11-08 09:01:41 -------- d-----w- C:\Users\Clayton\AppData\Local\{121EE8FB-28F7-49C0-8E27-22829AFA2077}
2011-11-07 21:01:12 -------- d-----w- C:\Users\Clayton\AppData\Local\{DE40957E-D187-4922-AD17-5221BBE103A6}
2011-11-07 09:00:41 -------- d-----w- C:\Users\Clayton\AppData\Local\{AECA8811-B561-45CB-847E-0165835E419B}
2011-11-07 09:00:28 -------- d-----w- C:\Users\Clayton\AppData\Local\{A6F1BA73-2F68-4F46-9E0A-72EE3B64E9A0}
2011-11-06 13:00:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{76726231-F182-462F-85D7-32012B43FB28}
2011-11-06 13:00:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{4BF03332-3F9B-4A7C-AACD-150A03A9D6A0}
2011-11-06 00:20:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{E5859DF7-FA89-4C26-81B3-E5E2D6EF9667}
2011-11-06 00:20:06 -------- d-----w- C:\Users\Clayton\AppData\Local\{3E71D913-DD4B-4BF0-BCD4-E50C91C53223}
2011-11-05 10:27:00 -------- d-----w- C:\Users\Clayton\AppData\Local\{6D7FFA34-04C1-4D27-9917-AA6D8B976369}
2011-11-05 10:26:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{EA1CDD74-F1DA-43C1-9BD7-B5375D60F3DA}
2011-11-04 22:26:04 -------- d-----w- C:\Users\Clayton\AppData\Local\{049DBE59-C037-4C2B-B13F-219850E3199E}
2011-11-04 22:25:48 -------- d-----w- C:\Users\Clayton\AppData\Local\{6B00528F-DBD3-47F1-B339-39652491A32F}
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-23 03:44:20 69792 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 03:44:20 417952 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2011-11-23 03:44:14 9290912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-20 08:01:01 627600 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 4:03:52.85 ===============


I have the Attach file as well but it wasn't requested so I didn't attach it.

#2 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 09 December 2011 - 04:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430643 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 09 December 2011 - 05:33 AM

New DDS Log said:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Clayton at 5:28:05 on 2011-12-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4026.1941 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5732z&r=27361209a255l0324z1h5t5852x499
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Clayton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\3445452584745756374775962756C6563737 : DhcpNameServer = 66.59.149.70 139.142.2.3 209.135.99.3
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{108AF699-3126-46CC-9BF0-760B0C7651F7}\47B6562727 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F67B5C88-C6AF-4E07-B18C-A3326AB644E0} : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clayton\AppData\Roaming\Mozilla\Firefox\Profiles\7j8lb8zu.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_121.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-7-14 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-18 353168]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-6 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-4-13 312152]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service --> C:\Windows\system32\lxbccoms.exe -service [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-31 1153368]
R2 SDHookService;Spybot-S&D 2 Hooks Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-7-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-7-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-6-17 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-6-17 169624]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-6 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-10-31 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-09 09:57:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B4F3468-96D4-41BB-BE4C-096EAD697361}\offreg.dll
2011-12-09 09:57:16 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B4F3468-96D4-41BB-BE4C-096EAD697361}\mpengine.dll
2011-12-09 02:16:57 -------- d-----w- C:\Users\Clayton\AppData\Local\{5A8528C5-17B3-476A-8EFB-9DF2796860B1}
2011-12-09 02:16:46 -------- d-----w- C:\Users\Clayton\AppData\Local\{C3E969B2-3576-4406-9EEE-82036FAD5C82}
2011-12-08 14:16:19 -------- d-----w- C:\Users\Clayton\AppData\Local\{31209256-6111-45A2-915A-6B7B66DC8BC2}
2011-12-08 14:16:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{FF380F64-F944-4DB0-B1EC-299F2C99D51C}
2011-12-08 02:15:34 -------- d-----w- C:\Users\Clayton\AppData\Local\{DAEA42F2-078C-4770-9590-56E67AE8F290}
2011-12-08 02:15:14 -------- d-----w- C:\Users\Clayton\AppData\Local\{F29560E0-85A4-4822-B184-8E943C6E0C3B}
2011-12-07 07:12:56 -------- d-----w- C:\Users\Clayton\AppData\Local\{6ADA2FC3-B0A0-4703-A5AD-CE297CD0DAA8}
2011-12-07 07:12:44 -------- d-----w- C:\Users\Clayton\AppData\Local\{E82675AB-09DC-488D-BB23-705DA10C5A1A}
2011-12-06 19:12:15 -------- d-----w- C:\Users\Clayton\AppData\Local\{BAD76003-ADFF-450D-B687-6BF972122548}
2011-12-06 19:12:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{B15303DB-C9C1-4841-920A-24E9D7921E10}
2011-12-06 07:03:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{5F225464-327F-412B-80D4-5258B23A99EA}
2011-12-05 19:02:24 -------- d-----w- C:\Users\Clayton\AppData\Local\{9DF0F5E8-6AB0-4B99-82B2-CCF9E35404F1}
2011-12-05 19:02:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{858BA332-013D-4D66-BB5F-A3E81ED8AC80}
2011-12-05 06:00:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{DAC7A691-C99F-457E-9F83-48F14775837C}
2011-12-05 05:59:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{36A1759C-8E17-4B8D-9EA9-DF8F3B18F5BC}
2011-12-04 17:59:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{05B5E5D9-950D-454F-921C-031D06FC5552}
2011-12-04 17:58:51 -------- d-----w- C:\Users\Clayton\AppData\Local\{C56E0B48-CCD8-4594-94E3-692CDDC3C52B}
2011-12-03 21:22:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{B38F6C97-EF87-42B1-AB10-D51083BF5F38}
2011-12-03 21:21:51 -------- d-----w- C:\Users\Clayton\AppData\Local\{7CD38C48-A068-4A7C-A318-AECADCA8E4E7}
2011-12-03 09:30:57 -------- d-----w- C:\Users\Clayton\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 09:30:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-03 09:30:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-03 09:21:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{21C3FADF-AC3B-4D03-86F4-DA5A183FA0B1}
2011-12-03 09:21:03 -------- d-----w- C:\Users\Clayton\AppData\Local\{223D6265-FD4B-4F9C-912A-27E334548F5E}
2011-12-02 21:10:20 -------- d-----w- C:\Users\Clayton\AppData\Local\{5879C9D2-59C3-4B0C-A36D-1855145CB280}
2011-12-02 21:10:04 -------- d-----w- C:\Users\Clayton\AppData\Local\{3CF10B40-94D5-4286-A884-6F905EC21F0E}
2011-12-01 22:47:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{245BBED3-F16F-4DEB-9CD8-528C4A095063}
2011-12-01 22:46:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{D4B4FDBE-36FB-4CCD-845D-08AD04F50BA5}
2011-12-01 17:20:34 -------- d-----w- C:\Users\Clayton\AppData\Local\{DD47933B-3381-44DB-B663-576682DF9B14}
2011-12-01 04:16:13 -------- d-----w- C:\Users\Clayton\AppData\Local\{0950CF68-8128-4789-A443-186E845796EB}
2011-11-30 16:15:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{CC7D9D72-FBC6-480E-B5F9-A5714E5C6662}
2011-11-30 16:15:24 -------- d-----w- C:\Users\Clayton\AppData\Local\{C64AC54A-86F5-4552-B38F-60373E64E3FD}
2011-11-29 16:27:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{CA58DEAD-071F-4325-914A-2AD1CB18417F}
2011-11-29 16:27:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{463138E6-A8D1-491D-B4ED-6495E69B1D4D}
2011-11-29 03:27:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{402B759C-F548-4503-882E-972FC20EC12B}
2011-11-28 15:26:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{2C08F0B5-B359-484F-875C-5B75AC32AEAD}
2011-11-28 15:26:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{136EC6C4-3D6A-4A3C-B2AE-C4A1C7CA510B}
2011-11-28 01:37:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{5F2B9E92-BD05-4E50-A295-7232A47516BB}
2011-11-27 13:36:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{98E0C552-1C54-4A62-B3A4-E267259FDC75}
2011-11-27 13:36:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{111D5C03-CC66-4798-9AEA-AC8AC6CBFD7E}
2011-11-27 01:30:42 -------- d-----w- C:\Users\Clayton\AppData\Local\{B193A0A3-0B27-4BA0-97F6-ACA80105340A}
2011-11-27 01:30:31 -------- d-----w- C:\Users\Clayton\AppData\Local\{71E7023D-29EF-4E18-873A-A73612B84BA1}
2011-11-26 13:30:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{277463E2-0FD3-410C-B81D-CB15F4082B18}
2011-11-26 13:29:50 -------- d-----w- C:\Users\Clayton\AppData\Local\{1CE97973-1C8B-468B-A288-C3696B245E16}
2011-11-25 21:17:52 -------- d-----w- C:\Users\Clayton\AppData\Local\{413AA8B9-6308-405C-8029-6AC0FA43B934}
2011-11-25 09:17:26 -------- d-----w- C:\Users\Clayton\AppData\Local\{95E36440-BE1D-4AE0-8196-6B753E1FC491}
2011-11-25 09:17:14 -------- d-----w- C:\Users\Clayton\AppData\Local\{2534C35C-365C-4671-9C48-A231C149CF18}
2011-11-24 12:07:24 -------- d-----w- C:\Users\Clayton\AppData\Local\{E7DE500E-CFCA-427D-8EE3-15B1D41FB36C}
2011-11-24 12:07:10 -------- d-----w- C:\Users\Clayton\AppData\Local\{A07C1561-F493-451B-B134-40812593840B}
2011-11-23 14:07:41 -------- d-----w- C:\Users\Clayton\AppData\Local\{B2FAC743-A87D-4D22-83C2-70E344F5479D}
2011-11-23 14:07:29 -------- d-----w- C:\Users\Clayton\AppData\Local\{C58DE484-E502-47DF-AB60-65CE3BAEBA82}
2011-11-23 02:07:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{71A6B842-B749-4A3B-B59B-980E33EE4C40}
2011-11-23 02:06:46 -------- d-----w- C:\Users\Clayton\AppData\Local\{E7E4E414-751E-421D-8E9D-813EBD765986}
2011-11-22 12:56:53 -------- d-----w- C:\Users\Clayton\AppData\Local\{3E6416FB-D189-4153-91C2-172F725BF2FC}
2011-11-22 00:56:19 -------- d-----w- C:\Users\Clayton\AppData\Local\{C39B3DC8-F1BD-4BB7-8232-4EE9E12F9E92}
2011-11-22 00:56:07 -------- d-----w- C:\Users\Clayton\AppData\Local\{1CE91E94-EC9F-47E1-BEB9-2058FB9B4489}
2011-11-21 12:26:30 -------- d-----w- C:\Users\Clayton\AppData\Local\{A6141228-953F-4A9C-B198-21FA83F110BB}
2011-11-21 12:26:18 -------- d-----w- C:\Users\Clayton\AppData\Local\{C2633B24-648B-4A00-8CD4-18A733284D08}
2011-11-21 00:25:39 -------- d-----w- C:\Users\Clayton\AppData\Local\{59FA4E79-2598-437D-A578-DAFEEBD30E01}
2011-11-21 00:25:27 -------- d-----w- C:\Users\Clayton\AppData\Local\{D0C06D0B-49DB-4C2E-BC99-A16152F96C47}
2011-11-20 09:43:17 -------- d-----w- C:\Users\Clayton\AppData\Local\{38C837FF-0BB1-480A-B14E-9887E1C9A233}
2011-11-19 21:42:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{AA42FC28-DC45-4E92-ACFB-C44B3101714E}
2011-11-19 21:42:37 -------- d-----w- C:\Users\Clayton\AppData\Local\{ACB29469-4B11-4064-A78A-746F751F798D}
2011-11-19 09:42:10 -------- d-----w- C:\Users\Clayton\AppData\Local\{62D01A7E-AD0B-4E8D-9853-2B0CB9D4FE0D}
2011-11-19 09:41:57 -------- d-----w- C:\Users\Clayton\AppData\Local\{3618BF0D-DD53-4CA0-AD37-555C90F91952}
2011-11-18 21:41:15 -------- d-----w- C:\Users\Clayton\AppData\Local\{3C43912E-580B-418B-878F-8231EEA34AAC}
2011-11-18 21:41:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{F2578274-F3D9-48B9-8FED-D8F8F1605B6E}
2011-11-18 03:46:56 -------- d-----w- C:\Users\Clayton\AppData\Local\{8A3E136D-3C75-4EDA-9B38-9A132CCC4B1A}
2011-11-18 03:46:45 -------- d-----w- C:\Users\Clayton\AppData\Local\{B7F49419-8018-49CD-AF09-FD1A8F891A91}
2011-11-17 15:46:14 -------- d-----w- C:\Users\Clayton\AppData\Local\{3891B88D-27EE-4EC9-8336-4A32565DF14A}
2011-11-17 15:46:01 -------- d-----w- C:\Users\Clayton\AppData\Local\{82DD74A0-0732-4268-9488-1012517E017E}
2011-11-16 22:14:58 -------- d-----w- C:\Users\Clayton\AppData\Local\{81E419CF-1C1C-4B7A-B27D-ED1D4FFCFB9B}
2011-11-16 22:14:46 -------- d-----w- C:\Users\Clayton\AppData\Local\{702779AF-5C59-4BC5-9F65-9CDE188BD96F}
2011-11-16 10:14:19 -------- d-----w- C:\Users\Clayton\AppData\Local\{21E57D2B-1A29-412C-9D82-FE8E026C7B64}
2011-11-16 10:14:07 -------- d-----w- C:\Users\Clayton\AppData\Local\{156060E2-5F42-4170-BD5C-C5415B935E60}
2011-11-15 22:13:38 -------- d-----w- C:\Users\Clayton\AppData\Local\{06DAEE90-03BE-41C7-86C5-C95D32D8DF51}
2011-11-15 22:13:26 -------- d-----w- C:\Users\Clayton\AppData\Local\{1FD53CA5-8D2C-4A33-AF19-B3813B70B89C}
2011-11-15 10:12:58 -------- d-----w- C:\Users\Clayton\AppData\Local\{BADDF341-37D6-46A8-BEF1-7ABCF4B7E5DF}
2011-11-14 22:12:25 -------- d-----w- C:\Users\Clayton\AppData\Local\{5538A0D5-D7CE-41DB-8D76-E4D0A9FD5A72}
2011-11-14 22:12:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{884BB27F-8E4A-4FD4-B960-775DE7A3EF68}
2011-11-13 21:59:16 -------- d-----w- C:\Users\Clayton\AppData\Local\{7CE48D96-D0CD-44EE-8B06-B86D75321DA2}
2011-11-13 21:59:00 -------- d-----w- C:\Users\Clayton\AppData\Local\{DC8727DC-F54C-4894-AA81-1E97E9971EE1}
2011-11-13 05:14:22 -------- d-----w- C:\Users\Clayton\AppData\Local\{9D10A218-3D91-4B72-BC9E-BEA2BF1CAB93}
2011-11-12 17:13:55 -------- d-----w- C:\Users\Clayton\AppData\Local\{9F41AC63-D13E-47E8-B670-3953915E7F8D}
2011-11-12 17:13:44 -------- d-----w- C:\Users\Clayton\AppData\Local\{7E4F4688-E5F1-4D94-9074-752BF0E595B8}
2011-11-12 05:13:16 -------- d-----w- C:\Users\Clayton\AppData\Local\{41A6C138-33D0-4A8C-832B-F25650A4A742}
2011-11-12 05:13:04 -------- d-----w- C:\Users\Clayton\AppData\Local\{D0C395F5-7492-4675-AFAF-5751932AE186}
2011-11-11 17:15:19 633816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-11-11 17:15:19 555992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-11-11 17:15:19 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-11-11 17:15:19 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-11-11 17:12:31 -------- d-----w- C:\Users\Clayton\AppData\Local\{381E2BF3-EA57-496F-9A20-75261F2D08AA}
2011-11-11 17:12:15 -------- d-----w- C:\Users\Clayton\AppData\Local\{C07AB69C-0C1A-42D9-BEA0-A1AF7AF4AF73}
2011-11-11 01:35:34 -------- d-----w- C:\Users\Clayton\AppData\Local\{94FCC407-2B64-4256-8329-1E87A6FDC57A}
2011-11-10 13:35:08 -------- d-----w- C:\Users\Clayton\AppData\Local\{35648DC5-0408-49DD-AA92-6DBD8DED7639}
2011-11-10 13:34:56 -------- d-----w- C:\Users\Clayton\AppData\Local\{20B6F426-29CC-4C85-BAE7-EA4F035887CE}
2011-11-10 01:34:29 -------- d-----w- C:\Users\Clayton\AppData\Local\{0706A828-5296-4045-98DB-A11405FFF5FF}
2011-11-09 18:36:10 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 18:36:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 18:36:08 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 18:36:06 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 13:34:02 -------- d-----w- C:\Users\Clayton\AppData\Local\{B3FE3721-39D3-4047-B150-B8CFEDBFB49C}
2011-11-09 13:33:49 -------- d-----w- C:\Users\Clayton\AppData\Local\{15F2B1AD-405B-4F27-AA78-9F7CC6639A4F}
.
==================== Find3M ====================
.
2011-12-06 02:44:23 69792 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-06 02:44:23 417440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2011-12-06 02:44:17 9308320 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-20 08:01:01 627600 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 5:29:16.08 ===============


Please note that just yesterday, Avast decided my Brother printer Control Center was malware and told me to restart to uninstall/delete the "malware". I knew it was a false alarm because I know what BrCtrCn.exe is. I went into Avast's "Exclusions" and added the control center there but I'm not sure if it deleted the printer or not, as the icon is not on my desktop still.
Therefore, there may be a change in the DDS logs from last time.

I do not have my original Windows CD/DVD because my laptop came with it pre-installed. Please tell us if you have your original Windows CD/DVD available.

I can't run GMER because I am using 64-bit.

#4 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,018
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 10 December 2011 - 06:33 AM

Hello, my name is Elise and I'll assist you with this issue.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#5 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 11 December 2011 - 03:36 PM

I hear some scary things about ComboFix having the potential to mess up computers pretty badly. Will this mess up my computer at all?

#6 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,018
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 11 December 2011 - 03:38 PM

It is a very powerful tool and for that reason it is not advised to run it unsupervised. In case something goes wrong (which does not happen often) I'll be able to help you bring things back as they were. :)
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#7 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 13 December 2011 - 01:14 PM

View Postelise025, on 11 December 2011 - 03:38 PM, said:

It is a very powerful tool and for that reason it is not advised to run it unsupervised. In case something goes wrong (which does not happen often) I'll be able to help you bring things back as they were. :)

Awesome, thank you! :) I'm sorry for the late reply, I've been busy with some things. I will try to get to this tonight

#8 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,018
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 13 December 2011 - 01:51 PM

No problem, post it when ready! :)
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#9 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 13 December 2011 - 06:07 PM

Should I disable my firewall and antimalware?

#10 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,018
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 14 December 2011 - 03:42 AM

Yes, best is to do that, as they may interfere with the scan.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#11 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 15 December 2011 - 06:39 PM

View Postelise025, on 14 December 2011 - 03:42 AM, said:

Yes, best is to do that, as they may interfere with the scan.

Alright, will do.
Windows made me do updates last night, will this affect Combofix at all?

#12 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 39,018
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 16 December 2011 - 02:50 AM

No, that shouldn't be a problem, you can just run it.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#13 User is offline   Claytronic 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 120
  • Joined: 03-June 11
  • Gender:Male

Posted 07 February 2012 - 08:29 AM

Hello, I apologize for disappearing for a couple months. I had gotten really busy with life-stuff and then forgot my info to get on here, so I reset it.
I had run into another issue on my computer last night[trying to send a link to someone and having it tell me it was unsafe]
Should I start a new topic for this because this topic is so old? There have probably been a lot of changes on my computer since then.

Once again, I sincerely apologize

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users