So confused I am pulling my hair out


  • This topic is locked
5 replies to this topic

#1 TechTardedAZ

TechTardedAZ

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Ajo, AZ
  • Local time:11:32 PM

Posted 11 December 2010 - 08:20 PM

About ten years ago or so I was real good with computers, but I moved to the middle of nowhere, small town USA. We didn't have an internet service provider for a long time except the dial-up, which was so slow it wasn't worth it. So now I am behind and bad things keep happening to me.

I have toolbars all the time that show up only in the search bars of websites, like the one you see on the upper right-hand side of this page. They try to do that predictive-text-like thing, but if I click on it I end up on some strange fetish page I didn't even know you could have a fetish for (400lb+ women with midgets), or it takes me to some site asking me to buy something that had nothing to do with my search. My pointer decides to smoke crack and get all jumpy; CPU usage 100% with no applications running; I can't use Windows Aero themes or set a picture as my background; my grandmother keeps getting emails from me telling her to check out some random sites; my task bar occasionally goes on vacation so I can't get to my programs; I get a lot of page not available messages when I try to go to websites; anytime I go to the Microsoft page I can never go to contact us or live chat with support (page not available); getting new virus software or updates is a joke, I have to restart the download about 10-15 times before it will finish. Windows Defender (for all the good it did me) has been turned off, and if I try to turn it on I get this message: A problem caused this program to stop running. It gives me the option to hit the start button again, but again I am told that it cannot start.

I have programs that just show up. I try to use Add/Remove Programs to get rid of them, but it just tells me that my installer is not installed properly. Online virus scans say nothing is wrong. AVG, Avira, Malwarebytes Anti-Malware, BitDefender and Microsoft Security Essentials all find nothing (I did not use all these programs or have all these programs installed at the same time). Avast has found about 50 infections (only after I changed the scan settings) but only gave me the option to fix 2, both classified as low risk. Spybot S&D found multiple items as well. I am so ready to toss my laptop out onto the highway! I do have a desktop as well and it runs "great", no noticeable problems, but now it says my LAN is unplugged (it's not). I got a new card for it to see if maybe, because it is an older computer, it just went out, but no, same issue. I have followed every how-to and guide I can find but nothing helps. I am at a loss. I hope whoever designs these viruses gets a virus, and I don't mean their computer.

Here are the scans this forum told me to run. As of yet I only have them for my laptop, but I guess one thing at a time:




DDS (Ver_10-12-05.01) - NTFSx86
Run by Amber at 16:11:19.24 on Sat 12/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.783 [GMT -7:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\DAP\DAP.EXE
C:\windows\system32\taskmgr.exe
C:\Program Files\Vuze\Azureus.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\StikyNot.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\mmc.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Amber\Desktop\Security\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [BitTorrent] ; "c:\program files\bittorrent\BitTorrent.exe"
uRun: [Weather] ; c:\program files\aws\weatherbug\Weather.exe 1
mRun: [<NO NAME>]
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] ; c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] ; c:\progra~1\avg\avg9\avgtray.exe
mRun: [CanonMyPrinter] ; c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] ; c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [dcmsvc] ; c:\program files\dcmsvc\dcmsvc.exe
mRun: [HWSetup] ; "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [iTunesHelper] ; "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] ; "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NortonOnlineBackupReminder] ; "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-16 176128]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-9 17744]
R4 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-9 50768]
R4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-9 165584]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-9 40384]
R4 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-9 40384]
R4 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-9 40384]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
R4 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-16 167936]
R4 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-11-21 98392]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-19 136176]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2009-11-4 24576]
S3 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [2009-11-3 105984]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-26 1343400]
S4 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S4 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-16 171520]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-16 51512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-12-11 11:05:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-11 11:05:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-11 10:02:25 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9b9959ee-3e17-42dd-887a-b5ac27eda2a4}\mpengine.dll
2010-12-09 10:13:26 388096 ----a-r- c:\users\amber\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-09 10:13:22 -------- d-----w- c:\program files\Trend Micro
2010-12-09 09:55:16 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-09 09:54:42 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 09:54:32 -------- d-----w- c:\progra~2\Alwil Software
2010-12-09 02:44:59 -------- d-----w- c:\users\amber\appdata\roaming\GetRightToGo
2010-12-08 01:33:04 -------- d-----w- c:\program files\JanSoft
2010-12-08 00:18:45 -------- d-----w- c:\program files\Pixia
2010-12-07 21:51:59 -------- d-----w- c:\program files\Adventure Game Studio 3.1.2 SP1
2010-12-07 11:56:15 -------- d-----w- c:\program files\The Game Creators
2010-12-07 10:04:12 -------- d-----w- c:\program files\001
2010-12-07 09:26:37 -------- d-----w- c:\users\amber\appdata\roaming\Clickteam
2010-12-07 09:25:14 -------- d-----w- c:\program files\The Games Factory 2
2010-12-07 08:29:44 -------- d-----w- c:\program files\VioletPrincess
2010-12-07 05:19:31 -------- d-----w- c:\program files\HamSphere
2010-12-06 04:37:47 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-06 04:36:26 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-12-06 04:33:04 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-12-06 04:32:51 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-06 04:13:55 -------- d-----w- c:\program files\Avira
2010-12-06 04:13:55 -------- d-----w- c:\progra~2\Avira
2010-12-06 00:37:32 -------- d-----w- C:\perflogs
2010-12-05 23:59:26 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-04 10:54:09 995383 ----a-w- c:\windows\system32\temp.01E
2010-12-04 10:54:08 266293 ----a-w- c:\windows\system32\temp.01D
2010-12-04 10:54:08 -------- d-----w- c:\program files\kap.LST
2010-12-04 10:54:07 379152 ----a-w- c:\windows\system32\temp.01B
2010-12-04 10:54:07 30992 ----a-w- c:\windows\system32\temp.01C
2010-12-04 10:54:06 598288 ----a-w- c:\windows\system32\temp.016
2010-12-04 10:54:06 17920 ----a-w- c:\windows\system32\temp.017
2010-12-04 10:54:06 164112 ----a-w- c:\windows\system32\temp.019
2010-12-04 10:54:06 147728 ----a-w- c:\windows\system32\temp.018
2010-12-04 10:54:06 1384448 ----a-w- c:\windows\system32\temp.01A
2010-12-04 10:54:05 344064 ----a-w- c:\windows\system32\temp.015
2010-12-04 09:28:13 -------- d-----w- c:\users\amber\appdata\local\SpiceLogic_Consulting_and
2010-12-04 09:27:17 -------- d-----w- c:\users\amber\appdata\local\Xenocode
2010-12-02 04:56:35 -------- d-----w- c:\users\amber\appdata\roaming\SpiceLogic
2010-11-30 20:08:55 -------- dc-h--w- c:\progra~2\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2010-11-30 20:08:45 -------- d-----w- c:\program files\Transparent
2010-11-30 20:08:45 -------- d-----w- c:\progra~2\Transparent
2010-11-30 20:02:15 272384 ----a-w- c:\windows\system32\CNMLM9Y.DLL
2010-11-30 19:57:09 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-11-30 19:57:00 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-30 19:16:03 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-11-30 19:16:02 417792 ----a-w- c:\windows\system32\msdri.dll
2010-11-30 19:16:02 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-11-30 19:16:02 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-30 19:16:01 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-30 19:12:32 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-11-30 19:12:30 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-30 19:12:28 369152 ----a-w- c:\windows\system32\secproc.dll
2010-11-30 19:12:28 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-30 19:12:27 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-30 19:12:27 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-30 19:12:27 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-30 19:12:27 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-30 19:12:26 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-30 19:12:26 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-30 19:11:54 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-11-30 19:10:28 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-29 19:56:12 -------- d-----w- c:\program files\oDesk
2010-11-29 19:34:39 -------- d-----w- c:\users\amber\appdata\local\oDesk
2010-11-27 05:26:06 -------- d-----w- c:\windows\system32\Wat
2010-11-26 00:22:52 -------- d-----w- c:\users\amber\appdata\local\Apps
2010-11-25 05:20:03 -------- d--h--w- c:\windows\PIF
2010-11-24 05:38:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-24 05:34:54 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-24 05:34:54 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-24 05:34:54 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-24 05:34:54 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-24 05:34:54 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-24 05:16:49 -------- d-----w- c:\users\amber\appdata\local\Microsoft Help
2010-11-24 04:16:55 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-24 04:16:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-11-24 04:16:54 507568 ----a-w- c:\windows\system32\winload.exe
2010-11-24 04:16:54 442920 ----a-w- c:\windows\system32\winresume.exe
2010-11-24 04:10:50 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-11-24 04:10:50 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-24 04:09:56 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-24 04:09:56 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-24 04:05:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-24 04:03:25 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-24 04:03:25 1619968 ----a-w- c:\program files\windows mail\msoe.dll
2010-11-24 04:03:19 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-24 04:03:16 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-11-24 04:03:15 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-24 04:03:14 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-11-24 04:03:14 2614272 ----a-w- c:\windows\explorer.exe
2010-11-24 04:03:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-24 04:03:11 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-11-24 04:03:10 224256 ----a-w- c:\windows\system32\schannel.dll
2010-11-24 04:02:24 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-11-24 04:02:24 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-11-24 04:02:21 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-11-24 04:02:19 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-24 04:02:19 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-24 04:01:07 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-24 04:01:00 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-24 04:00:44 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-11-24 04:00:43 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-11-24 04:00:43 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-11-24 04:00:41 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-11-24 04:00:40 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-11-24 04:00:39 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-11-24 03:57:11 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-23 07:48:30 -------- d-----w- c:\program files\common files\OverDrive Shared
2010-11-23 06:07:18 -------- d-----w- c:\users\amber\appdata\roaming\PrimoPDF
2010-11-23 06:04:57 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-11-23 06:04:52 -------- d-----w- c:\program files\Nitro PDF
2010-11-23 04:57:40 26 ----a-w- c:\windows\dbrmdwb.bat
2010-11-23 04:57:39 894616 ----a-w- c:\windows\dbplugin.exe
2010-11-23 04:57:39 245840 ----a-w- c:\windows\system32\DNLEng.dll
2010-11-23 04:57:39 2327704 ----a-w- c:\windows\dbplugin.ocx
2010-11-23 04:57:39 2179072 ----a-w- c:\windows\npdbplug.dll
2010-11-23 03:16:09 -------- d-----w- c:\users\amber\appdata\roaming\eMusic
2010-11-23 03:16:09 -------- d-----w- c:\users\amber\appdata\local\eMusic
2010-11-22 01:57:21 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-22 01:57:21 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-11-22 01:13:38 -------- d-----w- C:\EA
2010-11-21 04:18:55 57436 ----a-w- c:\windows\DASShp.dll
2010-11-21 04:18:55 217174 ----a-w- c:\program files\common files\microsoft shared\cleartype\ctras.dll
2010-11-21 04:18:55 -------- d-----w- c:\program files\Microsoft Reader
2010-11-20 18:51:44 -------- d-----w- c:\progra~2\Screentime
2010-11-20 18:49:14 -------- d-----w- c:\users\amber\appdata\local\Screentime
2010-11-20 04:03:32 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-11-20 03:54:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 03:54:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 04:07:17 -------- d-----w- c:\progra~2\MFAData
2010-11-19 02:39:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-19 02:28:51 -------- dc-h--w- c:\progra~2\~0
2010-11-19 02:15:16 -------- d-----w- c:\windows\system32\Registry Patrol
2010-11-18 23:49:24 -------- d-----w- c:\users\amber\appdata\roaming\Azureus
2010-11-18 23:47:56 -------- d-----w- c:\program files\Vuze
2010-11-18 23:46:49 -------- d-----w- c:\program files\ConduitEngine
2010-11-18 22:18:40 -------- d-----w- c:\users\amber\appdata\roaming\Malwarebytes
2010-11-18 22:16:51 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-18 22:16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-18 22:10:36 -------- d-----w- c:\progra~2\SpeedBit
2010-11-18 22:10:25 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-11-18 22:10:23 -------- d-----w- c:\program files\DAP
2010-11-18 05:26:52 5732688 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-11-18 05:26:45 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9bda40af-5a6d-4b95-bb82-d69777520fa1}\mpengine.dll
2010-11-18 05:26:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-15 06:33:54 18944 ----a-r- c:\users\amber\appdata\roaming\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
2010-11-13 05:09:13 -------- d-----w- c:\progra~2\D102
2010-11-13 05:09:12 -------- d-----w- c:\users\amber\appdata\roaming\MusicNet
2010-11-13 04:25:10 -------- d-----w- c:\users\amber\appdata\local\PackageAware
2010-11-12 02:46:11 -------- d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2010-10-19 05:30:35 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-09-23 07:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 07:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 21:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

============= FINISH: 16:13:36.90 ===============

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:32 AM

Posted 19 December 2010 - 07:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 TechTardedAZ

TechTardedAZ
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Ajo, AZ
  • Local time:11:32 PM

Posted 19 December 2010 - 08:52 PM

i am here

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:32 AM

Posted 19 December 2010 - 09:00 PM

Please run TDSSKiller and MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And


Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:32 AM

Posted 26 December 2010 - 09:29 PM

Hi,

I have not had a reply from you for 7 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:32 AM

Posted 27 December 2010 - 08:07 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.