
Help! Win32 malware gen virus on Win 7 64-bit


This topic is locked
14 replies to this topic

#1 amydot
  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 08 December 2009 - 11:26 AM

Hi forums! I would really appreciate some help!

I recently purchased a Dell Studio XPS 13 with Win 7 Home Premium 64-bit in the beginning of Nov.

Last night I booted my computer from hibernation, and AVAST gave me a message that I had a virus, Win32 Malware Gen. It recommended I move the virus to the chest, but when I tried, AVAST said it couldn't do it. I also tried deleting the virus, but that did not work either.

I then ran Ad-aware and no virus was detected.

I then ran an AVAST full system scan and no virus was detected. On the advice of a friend I tried to engage the boot time scan option, but the option is grayed out on my AVAST, which my friend told me meant my Win 7 OS wasn't supported. Just great!

Then I downloaded Malwarebytes, and IT DID detect a virus! So I quarantined and removed the virus...however, my computer is still slow and I keep getting kicked off the internet, which never happened before on my network.

So then I tried AVAST in safe mode. In safe mode, I couldn't connect to the internet and AVAST showed nothing.

However, I still feel as though I have the virus on my computer and would like to make sure it is gone. It's hard finding good resources because I have a Win 7 computer!


NOW....I did the DDS and have those notepad files, but the rootkit wouldn't install because I have a 64-bit OS. I am still hoping you can help me out though! I am posting my Malwarebytes log and the DDS files.

Thanks a lot!!!!

DDS (Ver_09-12-01.01) - NTFSX64
Run by Amy Mangla at 9:56:15.55 on Tue 12/08/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1996 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Common Files\Skyscape\BlackBerry\SkyscapeBBDM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\vds.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Calgoo Calendar\CalgooCalendar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy Mangla\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\amy mangla\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SkyscapeBBDM] c:\program files (x86)\common files\skyscape\blackberry\SkyscapeBBDM.exe
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\skysca~1.lnk - c:\program files (x86)\common files\skyscape\SmartUpdate.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-10 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-4 55280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-10 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-10 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-10 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-11-4 656624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-10 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-4 172704]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-11-4 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-10 83488]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

=============== Created Last 30 ================

2009-12-08 00:35:40 0 d-----w- c:\users\amyman~1\appdata\roaming\Malwarebytes
2009-12-08 00:35:34 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 00:35:34 0 d-----w- c:\programdata\Malwarebytes
2009-12-08 00:35:34 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-07 08:01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-02 01:39:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 05:55:15 0 d-----w- c:\program files (x86)\Skyscape
2009-11-28 05:55:10 724992 ----a-w- c:\windows\iun6002.exe
2009-11-28 05:55:08 0 d-----w- c:\windows\Skyscape
2009-11-28 05:55:08 0 d-----w- c:\program files (x86)\common files\Skyscape
2009-11-28 05:27:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-28 05:26:41 0 d-----w- c:\users\amyman~1\appdata\roaming\Research In Motion
2009-11-28 05:25:28 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2009-11-28 05:25:14 0 d-----w- c:\programdata\Research In Motion
2009-11-28 05:25:07 0 d-----w- c:\program files (x86)\common files\Research In Motion
2009-11-28 05:25:06 0 d-----w- c:\program files (x86)\Research In Motion
2009-11-25 23:26:09 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 23:26:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 03:30:53 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2009-11-24 03:30:36 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2009-11-24 03:30:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-11-19 03:51:20 51200 ----a-w- c:\windows\syswow64\rpcnet.dll
2009-11-19 03:51:02 51200 ----a-w- c:\windows\syswow64\rpcnet.exe
2009-11-19 03:49:26 0 d-----w- c:\windows\LoJackInstaller
2009-11-11 16:13:14 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-11 16:13:14 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-11-11 16:11:26 0 d-----w- c:\program files (x86)\MSXML 4.0
2009-11-11 16:04:04 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-11 16:04:00 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-11 16:03:54 46592 ----a-w- c:\windows\system32\msasn1.dll
2009-11-11 16:03:54 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2009-11-11 05:08:24 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2009-11-11 05:08:24 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2009-11-11 01:39:27 0 d-----w- c:\users\amy mangla\Calgoo
2009-11-11 01:39:19 0 d-----w- c:\program files (x86)\common files\Calgoo
2009-11-11 01:39:10 0 d-----w- c:\program files (x86)\Calgoo Calendar
2009-11-10 23:22:20 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-10 23:22:20 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2009-11-10 23:22:20 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2009-11-10 23:22:09 0 d-----w- c:\program files\iPod
2009-11-10 23:22:08 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2009-11-10 23:22:08 0 d-----w- c:\program files\iTunes
2009-11-10 23:22:08 0 d-----w- c:\program files (x86)\iTunes
2009-11-10 23:21:40 0 d-----w- c:\program files (x86)\Bonjour
2009-11-10 23:21:39 0 d-----w- c:\program files\Bonjour
2009-11-10 23:21:18 0 d-----w- c:\programdata\Apple Computer
2009-11-10 23:21:00 0 d-----w- c:\program files\common files\Apple
2009-11-10 23:20:42 0 d-----w- c:\programdata\Apple
2009-11-10 23:17:58 0 d-----w- c:\program files\WinRAR
2009-11-10 23:07:31 0 d-----w- c:\program files\Microsoft Office
2009-11-10 23:06:36 0 d-----w- c:\programdata\Microsoft Help
2009-11-10 22:30:17 0 d-----w- c:\program files (x86)\VideoLAN
2009-11-10 22:16:33 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-10 22:16:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 22:14:16 0 d-----w- c:\users\amy mangla\Tracing
2009-11-10 22:13:43 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-10 22:13:38 0 d-----w- c:\programdata\Lavasoft
2009-11-10 22:13:38 0 d-----w- c:\program files (x86)\Lavasoft
2009-11-10 22:00:45 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-10 22:00:45 0 ----a-w- c:\windows\syswow64\config.nt
2009-11-10 22:00:31 380928 ----a-w- c:\windows\syswow64\actskin4.ocx
2009-11-10 22:00:31 1280480 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-11-10 22:00:28 0 d-----w- c:\program files\Alwil Software
2009-11-10 21:53:52 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-11-10 21:43:27 0 d-----w- c:\users\amyman~1\appdata\roaming\AVG8
2009-11-10 21:29:19 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-11-10 21:29:19 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2009-11-10 21:29:19 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-11-10 21:29:19 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-11-10 21:10:33 0 d-----w- c:\program files\IDT
2009-11-10 21:03:41 0 d-----w- c:\temp\Recovery
2009-11-10 21:03:39 0 d-----w- c:\temp\Boot
2009-11-10 21:03:39 0 d-----w- C:\Temp
2009-11-10 20:59:18 0 d-----w- c:\users\amy mangla\My Backup Files
2009-11-10 20:56:20 0 d-----w- c:\users\amyman~1\appdata\roaming\Absolute
2009-11-10 20:55:49 0 d-----w- c:\users\amyman~1\appdata\roaming\Dell
2009-11-10 20:55:12 2164 ----a-w- c:\users\amyman~1\appdata\roaming\install.dat
2009-11-10 20:53:46 0 d-sh--w- C:\System Recovery

==================== Find3M ====================

2009-11-04 20:43:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2009-11-04 20:21:28 3804 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_1340.mrk
2009-11-04 18:51:58 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 18:51:15 410984 ----a-w- c:\windows\syswow64\deploytk.dll
2009-11-04 18:51:15 148888 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\java.exe
2009-11-04 08:58:42 22528 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-10-21 16:45:04 33792 ----a-w- c:\windows\syswow64\identprv.dll
2009-09-09 23:34:08 49152 ----a-w- c:\windows\syswow64\instw64.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:56:43.44 ===============

Oops..here is a copy of my Malwarebytes log!!!

Malwarebytes' Anti-Malware 1.42
Database version: 3313
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/7/2009 8:30:05 PM
mbam-log-2009-12-07 (20-30-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210295
Time elapsed: 41 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Merged posts. ~ OB

Edited by Orange Blossom, 08 December 2009 - 10:45 PM.


#2 extremeboy
  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:21 PM

Posted 20 December 2009 - 05:31 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 amydot
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 21 December 2009 - 11:12 AM

Thank you extremeboy for your response! Very much appreciated!

As I mentioned before, I did remove something, as I said, with Malwarebytes, but I'm just not convinced my computer is up to speed. It is still slow and that makes me think the virus is still on the computer.

As instructed: I did a new DDS log for you.

The problem I am having is that RootRepeal will not run on my 64-bit OS, so I don't know how to get around that.

Instead I did run HijackThis and have added the log of that as well.


DDS LOG


DDS (Ver_09-12-01.01) - NTFSX64
Run by Amy Mangla at 11:01:26.91 on Mon 12/21/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2028 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Common Files\Skyscape\BlackBerry\SkyscapeBBDM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\wscript.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy Mangla\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\amy mangla\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SkyscapeBBDM] c:\program files (x86)\common files\skyscape\blackberry\SkyscapeBBDM.exe
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\skysca~1.lnk - c:\program files (x86)\common files\skyscape\SmartUpdate.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-10 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-4 55280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-10 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-10 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-10 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-11-4 656624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-10 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-4 172704]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-11-4 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-10 83488]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

=============== Created Last 30 ================

2009-12-14 21:09:00 0 d-----w- c:\users\amyman~1\appdata\roaming\Sports Interactive
2009-12-14 21:08:57 0 d-----w- c:\program files (x86)\Sports Interactive
2009-12-12 01:46:03 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-12 01:46:02 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-08 15:11:23 0 d-----w- c:\programdata\Citrix
2009-12-08 15:10:59 61224 ----a-w- c:\users\amy mangla\GoToAssistDownloadHelper.exe
2009-12-08 00:35:40 0 d-----w- c:\users\amyman~1\appdata\roaming\Malwarebytes
2009-12-08 00:35:34 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 00:35:34 0 d-----w- c:\programdata\Malwarebytes
2009-12-08 00:35:34 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-07 08:01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-02 01:39:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 05:55:15 0 d-----w- c:\program files (x86)\Skyscape
2009-11-28 05:55:10 724992 ----a-w- c:\windows\iun6002.exe
2009-11-28 05:55:08 0 d-----w- c:\windows\Skyscape
2009-11-28 05:55:08 0 d-----w- c:\program files (x86)\common files\Skyscape
2009-11-28 05:27:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-28 05:26:41 0 d-----w- c:\users\amyman~1\appdata\roaming\Research In Motion
2009-11-28 05:25:28 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2009-11-28 05:25:14 0 d-----w- c:\programdata\Research In Motion
2009-11-28 05:25:07 0 d-----w- c:\program files (x86)\common files\Research In Motion
2009-11-28 05:25:06 0 d-----w- c:\program files (x86)\Research In Motion
2009-11-25 23:26:09 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 23:26:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 03:30:53 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2009-11-24 03:30:36 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2009-11-24 03:30:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe

==================== Find3M ====================

2009-12-21 15:53:02 51200 ----a-w- c:\windows\syswow64\rpcnet.dll
2009-11-24 23:54:29 1280480 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-11-24 23:49:56 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-19 03:49:25 51200 ----a-w- c:\windows\syswow64\rpcnet.exe
2009-11-10 22:16:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 20:56:52 2164 ----a-w- c:\users\amyman~1\appdata\roaming\install.dat
2009-11-04 20:43:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2009-11-04 20:21:28 3804 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_1340.mrk
2009-11-04 18:51:58 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 18:51:15 410984 ----a-w- c:\windows\syswow64\deploytk.dll
2009-11-04 18:51:15 148888 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\java.exe
2009-11-04 08:58:42 22528 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-11-03 02:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:45:04 33792 ----a-w- c:\windows\syswow64\identprv.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:02:01.61 ===============



HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:34 AM, on 12/21/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Common Files\Skyscape\BlackBerry\SkyscapeBBDM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SkyscapeBBDM] C:\Program Files (x86)\Common Files\Skyscape\BlackBerry\SkyscapeBBDM.exe
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy Mangla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Skyscape SmartUpdate.lnk = C:\Program Files (x86)\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13339 bytes





Again, thanks so much for your help! I haven't been able to find a lot of stuff on Win 7, and I was so disheartened that after having my computer for less than a month I get a win32 malware gen virus!
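A small triage helper for the HijackThis log format posted above, added here as an example (it is not code from the thread, from BleepingComputer, or from Trend Micro's HijackThis). It parses O2/O4/O23 lines and applies the checks a log reviewer does by hand; the sample lines are copied from the log above, and the note that a 32-bit HijackThis reports "(file missing)" for native System32 files on 64-bit Windows is a known WOW64 redirection effect, labelled as such in the comments.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the HijackThis 2.0.2 log posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy Mangla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
"""

# Line shapes used by HijackThis: O2 = browser helper object, O4 = autorun
# registry/startup entry, O23 = installed service.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
MISSING_RE = re.compile(r"\((file missing|no file)\)", re.I)


@dataclass
class Finding:
    kind: str          # "bho", "autorun" or "service"
    name: str
    path: str
    reasons: List[str]


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or first token)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def assess_path(path: str, owner: Optional[str] = None) -> List[str]:
    """Apply reviewer heuristics to one entry's file path; returns reasons to look closer."""
    reasons = []
    clean = MISSING_RE.sub("", path).strip()
    in_windows = bool(WINDOWS_DIR_RE.match(clean))
    if TEMP_RE.search(clean):
        # Legitimate services are not installed from a user's Temp directory.
        reasons.append("launches from a Temp directory")
    if MISSING_RE.search(path):
        if in_windows:
            # Assumption stated in the lead-in: 32-bit HijackThis cannot see
            # native System32 binaries on x64, so this is usually a WOW64 artifact.
            reasons.append("file missing under Windows dir: likely WOW64 artifact, verify with a 64-bit tool")
        else:
            # A registered component whose file is gone: leftover of a removal
            # (or of a partially cleaned infection), worth noting either way.
            reasons.append("orphaned entry: file missing")
    if owner and owner.lower() == "unknown owner" and not in_windows:
        reasons.append("unknown owner outside the Windows directory")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse O2/O4/O23 lines and return only the entries that raised a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O23_RE.match(line):
            kind, name, path = "service", m["name"], m["path"]
            reasons = assess_path(path, m["owner"])
        elif m := O4_RE.match(line):
            kind, name, path = "autorun", m["name"], _exe_from_command(m["cmd"])
            reasons = assess_path(path)
        elif m := O2_RE.match(line):
            kind, name, path = "bho", m["name"], m["path"]
            reasons = assess_path(path)
        else:
            continue
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {'; '.join(f.reasons)}")
```

On the sample above the helper singles out the orphaned BHO, the ALG entry (as a probable artifact), SessionLauncher (three reasons) and the Dell WLAN service, while the avast and Google Update entries pass.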


#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 December 2009 - 12:18 PM

Again, thanks so much for your help! I haven't been able to find a lot of stuff on Win 7, and I was so disheartened that after having my computer for less than a month I get a win32 malware gen virus!

Can you let me know the file that Avast detected?

--
Run an online scan for me. The slowness may not be necessarily caused by the malware but we will confirm that.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 amydot

  • Topic Starter
  • Members
  • 8 posts

Posted 21 December 2009 - 12:41 PM

Hi EB.

Well, I cannot run the Kaspersky online scan because it does not support Win 7! Urgh, this is very frustrating!

AVAST detected a win32 malware gen. I am sorry I didn't get all the information down regarding the virus when the window popped up. AVAST could not remove the virus to the chest. How do I go into AVAST to get the information on exactly what kind of virus it was?

Because AVAST couldn't move it to the chest, I downloaded Malwarebytes and it did find something:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



Sorry this is being such a hassle, but I guess all the programs haven't updated to Win 7 yet!

Let me know what else I can do. I want you to know I appreciate all your help so far!

#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 December 2009 - 01:23 PM

Hello.

I just tried ESET on my Windows 7 system and it works, so let's run this instead...

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

#7 amydot

  • Topic Starter
  • Members
  • 8 posts

Posted 21 December 2009 - 05:01 PM

I did an ESET scan as you requested and out of the 10606 files on my computer no threats were found. After the scan was complete, the only button to push was "finished", and clicking "finished" brought me to the additional information page! Thus, I was unable to list the threats found and export the file.

The scan took about 32 mins.

So that looks very promising! I am glad nothing was found.

#8 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 December 2009 - 05:57 PM

That's good. Just post the DDS logs that I requested again please.

#9 amydot

  • Topic Starter
  • Members
  • 8 posts

Posted 22 December 2009 - 06:39 PM

EB,

Sorry it has taken me so long to post the files, but my internet in my apartment crapped out and I haven't been able to get online! Thank goodness Barnes and Noble now offers free wireless! Power to the free WIFI :(

Here are the DDS files you wanted:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Amy Mangla at 18:37:03.09 on Tue 12/22/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2114 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Common Files\Skyscape\BlackBerry\SkyscapeBBDM.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\vds.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy Mangla\AppData\Local\Google\Chrome\Application\chrome.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy Mangla\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\amy mangla\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SkyscapeBBDM] c:\program files (x86)\common files\skyscape\blackberry\SkyscapeBBDM.exe
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\amyman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\skysca~1.lnk - c:\program files (x86)\common files\skyscape\SmartUpdate.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-10 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-4 55280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-10 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-10 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-10 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-11-4 656624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-10 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-4 172704]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-11-4 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-10 83488]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

=============== Created Last 30 ================

2009-12-22 18:17:39 0 d-----w- c:\programdata\CyberLink
2009-12-21 18:43:42 0 d-----w- c:\program files (x86)\ESET
2009-12-21 16:06:19 0 d-----w- c:\program files (x86)\Trend Micro
2009-12-14 21:09:00 0 d-----w- c:\users\amyman~1\appdata\roaming\Sports Interactive
2009-12-14 21:08:57 0 d-----w- c:\program files (x86)\Sports Interactive
2009-12-12 01:46:03 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-12 01:46:02 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-08 15:11:23 0 d-----w- c:\programdata\Citrix
2009-12-08 15:10:59 61224 ----a-w- c:\users\amy mangla\GoToAssistDownloadHelper.exe
2009-12-08 00:35:40 0 d-----w- c:\users\amyman~1\appdata\roaming\Malwarebytes
2009-12-08 00:35:34 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 00:35:34 0 d-----w- c:\programdata\Malwarebytes
2009-12-08 00:35:34 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-07 08:01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-02 01:39:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 05:55:15 0 d-----w- c:\program files (x86)\Skyscape
2009-11-28 05:55:10 724992 ----a-w- c:\windows\iun6002.exe
2009-11-28 05:55:08 0 d-----w- c:\windows\Skyscape
2009-11-28 05:55:08 0 d-----w- c:\program files (x86)\common files\Skyscape
2009-11-28 05:27:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-28 05:26:41 0 d-----w- c:\users\amyman~1\appdata\roaming\Research In Motion
2009-11-28 05:25:28 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2009-11-28 05:25:14 0 d-----w- c:\programdata\Research In Motion
2009-11-28 05:25:07 0 d-----w- c:\program files (x86)\common files\Research In Motion
2009-11-28 05:25:06 0 d-----w- c:\program files (x86)\Research In Motion
2009-11-25 23:26:09 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 23:26:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 03:30:53 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2009-11-24 03:30:36 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2009-11-24 03:30:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe

==================== Find3M ====================

2009-12-22 23:32:53 51200 ----a-w- c:\windows\syswow64\rpcnet.dll
2009-11-24 23:54:29 1280480 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-11-24 23:49:56 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-19 03:49:25 51200 ----a-w- c:\windows\syswow64\rpcnet.exe
2009-11-10 22:16:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 20:56:52 2164 ----a-w- c:\users\amyman~1\appdata\roaming\install.dat
2009-11-04 20:43:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2009-11-04 20:21:28 3804 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_1340.mrk
2009-11-04 18:51:58 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 18:51:15 410984 ----a-w- c:\windows\syswow64\deploytk.dll
2009-11-04 18:51:15 148888 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-04 18:51:15 144792 ----a-w- c:\windows\syswow64\java.exe
2009-11-04 08:58:42 22528 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-11-03 02:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:45:04 33792 ----a-w- c:\windows\syswow64\identprv.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:37:43.12 ===============


#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:21 PM

Posted 22 December 2009 - 07:24 PM

How's your computer feeling/running? The logs look fine to me.

--

Just update your Java.

Update Java to Version 6 Update 17

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for Java Runtime Environment (JRE) JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.
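An added check, not part of extremeboy's instructions: a PowerShell script that lists every Java Runtime Environment registered on a 64-bit Windows 7 system and flags any older than a chosen JRE 6 update level, so a leftover 32-bit installation such as the 6u14 in the log above is not missed after a 64-bit 6u17 install. It assumes the standard Uninstall registry layout (32-bit JREs under Wow6432Node, 64-bit under the native key) and DisplayName strings of the form "Java(TM) 6 Update 17".

```powershell
# Added example, not part of extremeboy's instructions: enumerate registered
# Java Runtime Environments on 64-bit Windows 7 and flag outdated ones.
# Assumes the standard Uninstall registry layout: a 32-bit JRE (the i586
# installer) registers under Wow6432Node, a 64-bit JRE under the native key,
# each with a DisplayName such as "Java(TM) 6 Update 17".
param(
    [int]$MinimumUpdate = 17   # lowest JRE 6 update level treated as current
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    # One object per registered JRE; both registry views are read so that a
    # leftover 32-bit 6u14 is reported even after a 64-bit 6u17 install.
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if ($p.DisplayName -match '^Java(\(TM\))? (\d+) Update (\d+)') {
                New-Object PSObject -Property @{
                    Name   = $p.DisplayName
                    Major  = [int]$matches[2]
                    Update = [int]$matches[3]
                    Bits   = $(if ($key -like '*Wow6432Node*') { 32 } else { 64 })
                    Key    = $sub.PSChildName   # product code used by the uninstaller
                }
            }
        }
    }
}

function Test-JavaOutdated {
    param($Jre)
    # Anything below JRE 6, or JRE 6 below the minimum update, is outdated.
    return ($Jre.Major -lt 6) -or ($Jre.Major -eq 6 -and $Jre.Update -lt $MinimumUpdate)
}

$installed = @(Get-InstalledJava)
if ($installed.Count -eq 0) {
    Write-Output 'No Java Runtime Environment is registered on this system.'
}
foreach ($jre in $installed) {
    $status = if (Test-JavaOutdated $jre) { 'OUTDATED - remove via Programs and Features' } else { 'current' }
    Write-Output ('{0,-28} {1}-bit  {2}' -f $jre.Name, $jre.Bits, $status)
}
```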


--

If all is good we can wrap up next post. :(

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 amydot

amydot
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:21 PM

Posted 23 December 2009 - 11:57 AM

Thanks a lot EB!

I guess one of the reasons my computer felt so slow was the internet, but I live in a bedroom over a house and the modem/router is in the house, and I didn't know that the people living there were having problems with the internet, too.

As for slowness in general, I guess I need to check for adware and stuff like that. It's just a pinch slower than when I received the computer.


I did download the latest Java; I did the 17 64-bit by accident. That shouldn't matter, should it? And I deleted the Java Update 14 that was previously installed on my Dell.


Thank you thank you thank for all your help. Really puts my mind at ease this holiday season and doesn't make me hate Win 7 so much anymore!

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:21 PM

Posted 23 December 2009 - 12:26 PM

Hello.

I did download the latest Java; I did the 17 64-bit by accident. That shouldn't matter, should it? And I deleted the Java Update 14 that was previously installed on my Dell.

Yes, that's fine since this computer is 64bit.

As for slowness in general, I guess I need to check for adware and stuff like that. It's just a pinch slower than when I received the computer.

You're free of malware; ad-ware is part of malware, so it's not that.



Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.
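An added defender's check, not part of extremeboy's post: a PowerShell script that reports whether the Autorun policy covers removable drives and whether any removable drive currently carries an autorun.inf in its root (showing the open=/shellexecute= lines it would have launched), with an optional -Apply switch that writes the fully disabled mask. It assumes Windows 7 with the KB967715 Autorun behaviour, where the NoDriveTypeAutoRun policy value is honoured; the mask bits (0x04 removable, 0xFF all drive types) are the documented Windows values.

```powershell
# Added example, not part of extremeboy's post: report the Autorun policy
# state and any autorun.inf sitting in the root of a removable drive.
# Assumes Windows 7 (KB967715 Autorun behaviour), where the machine-wide
# NoDriveTypeAutoRun policy value is honoured for removable drives.
# Run without arguments to report only; -Apply writes the hardened value.
param([switch]$Apply)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'
$removable = 0x04   # DRIVE_REMOVABLE bit in the mask (USB sticks)
$allDrives = 0xFF   # every drive-type bit set: Autorun disabled everywhere

function Get-AutorunPolicy {
    # Returns the current mask ($null when unset) and whether removable
    # drives are covered by it.
    $mask = $null
    if (Test-Path $policyKey) {
        $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
        if ($item -ne $null) { $mask = [int]$item.$valueName }
    }
    New-Object PSObject -Property @{
        Mask             = $mask
        RemovableBlocked = ($mask -ne $null) -and (($mask -band $removable) -ne 0)
    }
}

function Get-AutorunInfOnRemovableDrives {
    # DriveType 2 = removable. A worm-written autorun.inf is a hidden/system
    # file; some prevention tools create an autorun.inf *folder* instead, so
    # both cases are reported but told apart.
    foreach ($drive in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2') {
        $path = $drive.DeviceID + '\autorun.inf'
        if (-not (Test-Path $path)) { continue }
        $item = Get-Item -Path $path -Force
        $launches = @()
        if (-not $item.PSIsContainer) {
            # Directives Autorun would have acted on: open=, shellexecute=, shell\...\command=
            $launches = @(Get-Content -Path $path -Force -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' })
        }
        New-Object PSObject -Property @{
            Drive    = $drive.DeviceID
            Kind     = $(if ($item.PSIsContainer) { 'folder (protection stub)' } else { 'file' })
            Launches = $launches
        }
    }
}

$policy = Get-AutorunPolicy
if ($policy.Mask -eq $null) { $shown = 'not set (Windows default applies)' } else { $shown = '0x{0:X2}' -f $policy.Mask }
Write-Output ('NoDriveTypeAutoRun = {0}; removable drives blocked: {1}' -f $shown, $policy.RemovableBlocked)

foreach ($hit in Get-AutorunInfOnRemovableDrives) {
    Write-Output ('{0} autorun.inf {1}' -f $hit.Drive, $hit.Kind)
    foreach ($line in $hit.Launches) { Write-Output ('    would run: {0}' -f $line) }
}

if ($Apply -and -not $policy.RemovableBlocked) {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $allDrives -Type DWord
    Write-Output 'Autorun disabled for all drive types; takes effect at next logon.'
}
```

Run it from an elevated PowerShell prompt; the report half works as a standard user, but writing the policy value requires administrator rights.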

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :(


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy


#13 amydot

amydot
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:21 PM

Posted 24 December 2009 - 09:43 PM

Thanks so much for your help EB!

I did a system restore to what was recommended. It did not give me an option to create my own.

I also did a disk cleanup to what was recommended. In Win 7 I did not see a More Options tab.

I hope you have a wonderful holiday season. It was sooooooo amazing to get individualized help. What a great service you offer.

Thanks again.

Edited by amydot, 24 December 2009 - 09:45 PM.


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:21 PM

Posted 24 December 2009 - 09:54 PM

Thanks for the kind words.

You're very welcome. :(

Glad we could have helped out!

Happy surfing again and have a great holiday with your family.

With Regards,
Extremeboy

Edited by extremeboy, 24 December 2009 - 09:54 PM.


#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:21 PM

Posted 24 December 2009 - 09:56 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help :(
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy



