
Programs Uninstalling Themselves, Etc.


  • This topic is locked
2 replies to this topic

#1 Gary's Girl

Gary's Girl

  • Members
  • 343 posts
  • OFFLINE
  • Gender:Female
  • Location:Kentucky
  • Local time:12:13 AM

Posted 14 May 2011 - 03:53 AM

I was posting here: http://www.bleepingcomputer.com/forums/topic396892.html because I thought I had a Windows problem. However, Broni said it sounds like a malware problem and wanted me to post here instead.

HP G72 Notebook; Windows 7 Home Premium 64 bit; Intel Pentium CPU P6100 @ 2.00GHz; 6 GB RAM; 300 GB HDD. The computer is barely 6 months old.

I co-pastor a small church and when I was preparing my sermon Wednesday, I discovered that my Bible program had been uninstalled - - there was a restore point set labelled "Uninstall E-Sword". Later that day, I found that SpywareBlaster was gone, too. I didn't uninstall either of them. Also, for a couple of days, Google was directing me to a page asking me to type the squiggly letters to prove I'm not a robot because there was unusual traffic coming from my network.

First thing I did was to initiate System Restore; it seemed to be working; however, when the machine rebooted, it hadn't worked and the message said no files had been changed. So I tried a different point. Same result.

So, I posted in the Windows 7 forum. I've also run CCleaner, Windows Security Essentials which came integrated in 7, SuperAntiSpyware, Malwarebytes, and Housecall. Downloaded and tried to run PCMatic from PCPitstop but the program won't let me register it so it can run. None of the scans that did run found anything more than some adware. But one of the other machines on our network was behaving strangely and I ran the scans on it and there were 2 rootkits on that one!

One more thing, the mouse cursor seems to have developed a mind of its own and takes spells of jumping around or disappearing altogether. Have even had to shut the machine down a few times with the power button and reboot to get the mouse cursor to come back.

I really do appreciate you taking time to look this over. Thanks so much.

I have a 64x system, so didn't do the gmer scan. Here's the DDS scan:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Sharon Wright at 3:05:33.92 on Sat 05/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.4172 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\system32\CNGKeyLock.exe
C:\Windows\SysWOW64\servicescache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sharon Wright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sharon Wright\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Sharon Wright\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
dRunOnce: [Application Restart #2] C:\Program Files\Internet Explorer\iexplore.exe -restart /WERRESTART
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [avgnt]
mRun-x64: [UfSeAgnt.exe]
mRun-x64: [DPAgent]
mRun-x64: [Defender Pro Antiphishing Helper]
mRun-x64: [apvxdwin]
mRun-x64: [scaninicio]
mRun-x64: [G Data AntiVirus Tray Application]
mRun-x64: [GDFirewallTray]
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
============= SERVICES / DRIVERS ===============
.
R0 akerneldrv;akerneldrv;C:\Windows\System32\drivers\akerneldrv64.sys [2011-1-1 15496]
R0 pcrasys;pcrasys;C:\Windows\System32\drivers\pcrasys64.sys [2011-1-1 16008]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-28 98208]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 CNGKeyLock;CNG Key Isolation Service;C:\Windows\System32\CNGKeyLock.exe [2010-11-16 203016]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-28 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-5 363344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 systemCheck;SystemWindows;C:\Windows\SysWOW64\servicescache.exe [2010-11-16 6707464]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-28 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-17 24152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-26 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R4 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-26 188928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
S2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;C:\Windows\SysWOW64\sysDriverHardWare.exe [2011-3-5 6859016]
S2 SysCacheDriver;SysCacheDriver;C:\Windows\SysWOW64\sysSecurityCheck.exe [2010-11-16 6863112]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-5-14 91304]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-28 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-28 333928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-18 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-14 06:40:28 -------- d-----w- C:\PROGRA~3\PCPitstop
2011-05-14 06:39:51 -------- d-----w- C:\Program Files (x86)\PCPitstop
2011-05-13 20:51:04 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{21AF6631-89E0-4544-86D1-4F78AA45907D}\mpengine.dll
2011-05-12 04:41:49 -------- d-----w- C:\Program Files\Speccy
2011-05-11 03:24:28 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 03:24:27 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 03:24:27 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 03:13:48 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 03:13:48 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 03:13:47 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 03:13:47 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 03:13:47 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 03:13:47 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 03:13:47 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-03 21:02:07 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-03 21:01:55 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-27 03:12:33 -------- d-----w- C:\Users\SHARON~1\AppData\Local\{83FF72D8-127D-41A1-AE2B-E4067E5E83FC}
2011-04-27 03:12:33 -------- d-----w- C:\Users\SHARON~1\AppData\Local\{1480A278-8DCB-4A49-8547-0ED693B2E64A}
2011-04-26 21:34:18 -------- d-----w- C:\Users\SHARON~1\AppData\Local\IsolatedStorage
2011-04-26 21:34:10 -------- d-----w- C:\Users\SHARON~1\AppData\Local\Ancestry.com
2011-04-26 21:29:57 -------- d-----w- C:\IExp1.tmp
2011-04-26 21:29:55 -------- d--h--w- C:\Windows\msdownld.tmp
2011-04-26 21:29:55 -------- d-----w- C:\Windows\RegisteredPackages
2011-04-26 21:29:55 -------- d-----w- C:\IExp0.tmp
2011-04-26 21:29:53 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2011-04-26 21:24:46 -------- d-----w- C:\Program Files (x86)\Family Tree Maker 2011
2011-04-26 21:24:46 -------- d-----w- C:\Program Files (x86)\BCL Technologies
2011-04-26 04:49:38 -------- d-----w- C:\Users\SHARON~1\AppData\Roaming\InfraRecorder
2011-04-26 04:45:15 -------- d-----w- C:\Program Files (x86)\InfraRecorder
2011-04-26 04:33:05 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-26 04:32:25 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-26 04:30:55 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-26 04:30:51 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-26 04:17:15 -------- d-----w- C:\Users\SHARON~1\AppData\Local\Sonic_Solutions
2011-04-25 14:17:25 -------- d-----w- C:\Program Files (x86)\Amazon
2011-04-20 18:48:06 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-20 18:48:06 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-20 18:47:57 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-20 18:47:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-20 18:47:52 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-04-20 18:47:36 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-20 18:47:35 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-20 18:47:35 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-20 18:47:35 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-20 18:47:18 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-20 18:47:17 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-20 18:47:17 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-20 18:46:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-04-20 18:46:59 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-04-20 18:46:59 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-04-20 18:46:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-20 14:13:19 465160 ---h--w- C:\Windows\SysWow64\Windows Communicator 2.268.exe
.
==================== Find3M ====================
.
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-05 14:28:18 1318912 ---h--r- C:\Windows\SysWow64\BackupSys.exe
2011-03-05 14:28:13 8007680 ----a-w- C:\Windows\SysWow64\Microsoft.mshtml.dll
2011-03-05 14:28:13 104712 --sh--r- C:\Windows\SysWow64\FireWallDart.exe
2011-03-05 14:28:12 726016 ---h--r- C:\Windows\SysWow64\7z.dll
2011-03-05 14:28:12 256000 ---h--r- C:\Windows\SysWow64\SevenZipSharp.dll
2011-03-05 14:28:12 200704 ----a-w- C:\Windows\SysWow64\ICSharpCode.SharpZipLib.dll
2011-03-05 14:28:12 126976 ----a-w- C:\Windows\SysWow64\Interop.SHDocVw.dll
2011-03-05 14:27:37 18568 ----a-w- C:\Windows\System32\drivers\apcmci64.sys
2011-03-05 14:27:37 16008 ----a-w- C:\Windows\System32\drivers\pcrasys64.sys
2011-03-05 14:27:37 15496 ----a-w- C:\Windows\System32\drivers\akerneldrv64.sys
2011-03-05 14:27:35 6707464 ---h--r- C:\Windows\SysWow64\servicescache.exe
2011-03-05 14:25:31 203016 ---h--w- C:\Windows\System32\CNGKeyLock.exe
2011-03-05 14:25:30 6859016 --sh--r- C:\Windows\SysWow64\sysDriverHardWare.exe
2011-03-05 14:25:29 6863112 --sh--r- C:\Windows\SysWow64\sysSecurityCheck.exe
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-02-28 18:00:00 92672 ----a-w- C:\Windows\System32\ff_vfw.dll
2011-02-28 08:00:00 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:43:34 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:42:50 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:42:28 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:56:27 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:56:14 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2008-03-22 20:09:44 405504 --sh--r- C:\Windows\SysWOW64\vshadow.exe
2005-06-08 20:10:04 364032 --sh--r- C:\Windows\SysWOW64\vshadowamd64.exe
2008-03-22 20:13:24 352256 --sh--r- C:\Windows\SysWOW64\vshadowXP.exe
.
============= FINISH: 3:05:58.96 ===============

Thanks again for any suggestions!
Sharon

P. S. Adding this edit at 2:35 CST on Saturday: Using PCMatic, I've just discovered a trojan on one of the other computers on my network [Trojan.Crypt.Krap (v)]. Obviously, somehow things are getting through into my network, though I have AVG on the other 4 computers (this one came with MSE and wouldn't let me install AVG). Am surprised that anything got past AVG, as I've had really good success with it the past few years. Couple days ago, found 2 rootkits on one of the other computers.

Our personal computers are networked via a wireless router with our work computers which are hardwired together - - 2 personal and three business computers. A couple months ago, my husband let a guy who was down on his luck stay here for almost a month. There were times he was here alone. I didn't think he was accessing my computers, but later found out he'd used the main computer in the office when I wasn't here. Wondering if he did something that might have made my systems vulnerable to attacks.

Don't know much about how networking actually works - - if something gets through and hits one computer on a network, does that mean all the units have been compromised?

Edited by HomesickInTexas, 14 May 2011 - 02:43 PM.
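A helper reading the DDS log above would look first at three things it shows: the UAC policy keys reported as 0, services whose image sits in SysWOW64, and executables under C:\Windows carrying hidden or system attributes. The script below is an added example (not from this thread, the poster, or the DDS tool) that walks a few lines copied from that log and collects those items for review; the line shapes it matches are assumed from what is visible in the post, and nothing it flags is a verdict on its own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the DDS log posted above
# (UAC policy lines, three service entries and a few Find3M file entries).
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-5 363344]
R2 systemCheck;SystemWindows;C:\Windows\SysWOW64\servicescache.exe [2010-11-16 6707464]
S2 SysCacheDriver;SysCacheDriver;C:\Windows\SysWOW64\sysSecurityCheck.exe [2010-11-16 6863112]
2011-03-05 14:28:18 1318912 ---h--r- C:\Windows\SysWow64\BackupSys.exe
2011-03-05 14:28:13 8007680 ----a-w- C:\Windows\SysWow64\Microsoft.mshtml.dll
2011-03-05 14:28:13 104712 --sh--r- C:\Windows\SysWow64\FireWallDart.exe
2011-03-05 14:25:30 6859016 --sh--r- C:\Windows\SysWow64\sysDriverHardWare.exe
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
"""

# Line shapes as they appear in the DDS log above (assumed, not a DDS spec).
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
# Timestamp, size, 8-char attribute field, path. Directories show "--------"
# instead of a size, so they do not match and are skipped on purpose.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(\d+)\s+([-a-z]{8})\s+(.+)$")

# UAC keys that are non-zero on a default Windows 7 install.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Findings:
    uac_disabled: list = field(default_factory=list)   # policy keys set to 0
    services: list = field(default_factory=list)       # (state, name, image)
    hidden_files: list = field(default_factory=list)   # executables with h/s attrs


def triage_dds(text: str) -> Findings:
    """Walk a DDS log and collect items that deserve a responder's attention."""
    found = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if key in UAC_KEYS and value == 0:
                found.uac_disabled.append(key)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, image = m.group(1), m.group(2), m.group(4)
            # Services and drivers normally live in System32 or Program Files;
            # a service image sitting in SysWOW64 is unusual enough to review.
            if "\\syswow64\\" in image.lower():
                found.services.append((state, name, image))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            low = path.lower()
            # 'h' = hidden, 's' = system in the DDS attribute field.
            if low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) \
                    and ("h" in attrs or "s" in attrs):
                found.hidden_files.append(path)
    return found


def report(found: Findings) -> list:
    """Render findings as plain lines for the reply a helper would write."""
    lines = [f"UAC policy disabled: {k}" for k in found.uac_disabled]
    lines += [f"Service in SysWOW64: {n} ({s}) -> {img}" for s, n, img in found.services]
    lines += [f"Hidden/system executable: {p}" for p in found.hidden_files]
    return lines


if __name__ == "__main__":
    for entry in report(triage_dds(SAMPLE_LOG)):
        print(entry)
```

Run against the full log in the post rather than the excerpt, the same three checks also pick up the R2 entry pointing at sysDriverHardWare.exe and the hidden CNGKeyLock.exe in System32.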


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:13 AM

Posted 25 May 2011 - 08:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:13 AM

Posted 30 May 2011 - 06:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



