  • This topic is locked
3 replies to this topic

#1 hbd944

hbd944

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 20 May 2011 - 09:12 PM

I have run MBAM, Spybot and SUPER multiple times.
Just updated them all and am running them again, but I don't see success in the near future with these programs.
I'm at a loss as to what to do next; this thing keeps getting more and more annoying.


Thank you for the time you spend aiding me on this problem



.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Desktop at 18:50:02 on 2011-05-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.1153 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\msiexec.exe
C:\Users\Desktop\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Desktop\Downloads\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: brincome browser plug-in: {351aa9cc-76d4-21cd-ad26-65b46f1463f5} - C:\Windows\SysWow64\xixrwvzgedyw.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Desktop\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [AdobeBridge]
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [heetmoxygo] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\xixrwvzgedyw.dll"
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download All By FlashGet3 - C:\Users\Desktop\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - C:\Users\Desktop\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: kuaiche.com\software
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {AE5F8DCA-62AC-4FA0-A6C5-86D9D1117124} = 192.168.1.1
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
Hosts: 192.1689.1.2 localhost
Hosts: 173.58.245.48 localhost
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\6p0c0hg0.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\6p0c0hg0.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-27 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-27 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-4-24 130976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys --> C:\Windows\system32\DRIVERS\lgx64gps.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 20:50:53 -------- d-----w- C:\Users\Desktop\.thumbnails
2011-05-20 20:48:26 -------- d-----w- C:\Users\Desktop\.gimp-2.6
2011-05-20 20:48:03 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-05-20 15:57:35 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3572C16F-E76B-4D38-BD70-41CA0702289D}\mpengine.dll
2011-05-17 01:30:58 98816 ----a-w- C:\Windows\sed.exe
2011-05-17 01:30:58 89088 ----a-w- C:\Windows\MBR.exe
2011-05-17 01:30:58 256512 ----a-w- C:\Windows\PEV.exe
2011-05-17 01:30:58 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-17 01:30:55 -------- d-s---w- C:\ComboFix
2011-05-17 00:21:18 -------- d-----w- C:\Users\Desktop\AppData\Roaming\SUPERAntiSpyware.com
2011-05-17 00:21:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-17 00:21:14 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-17 00:21:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-17 00:03:02 -------- d-----w- C:\Windows\pss
2011-05-17 00:00:00 -------- d-----w- C:\Program Files\CCleaner
2011-05-16 23:55:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-16 08:27:14 718336 ----a-w- C:\Windows\SysWow64\xixrwvzgedyw.dll
2011-05-14 10:36:27 439391 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-05-14 06:48:11 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Avira
2011-05-14 06:12:32 50305 ----a-w- C:\Windows\SysWow64\udciaoivcpduny.exe
2011-05-14 06:12:30 419712 ----a-w- C:\Program Files (x86)\Drivers_pack_v3.25.63.exe
2011-05-14 06:10:49 93761 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\messenger.exe
2011-05-14 02:36:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-14 02:36:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-14 02:28:48 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Malwarebytes
2011-05-14 02:28:44 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-14 02:28:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-14 02:28:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-14 02:28:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-13 07:44:38 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-12 05:41:51 -------- d-----w- C:\Users\Desktop\chliu.dvdcss
2011-05-12 05:41:29 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Moyea
2011-05-12 05:41:29 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Leawo
2011-05-12 05:41:08 606208 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-05-12 05:41:04 -------- d-----w- C:\Program Files (x86)\Leawo
2011-05-12 05:03:16 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-05-12 05:00:25 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Xilisoft
2011-05-12 04:59:58 -------- d-----w- C:\ProgramData\Xilisoft
2011-05-12 04:59:58 -------- d-----w- C:\Program Files (x86)\Xilisoft
2011-05-12 04:53:25 -------- d-----w- C:\Program Files (x86)\AVI to 3GP
2011-05-12 04:50:33 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Regensoft
2011-05-10 23:25:50 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-10 23:25:49 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-10 23:25:49 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-10 23:25:47 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-10 23:25:47 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-10 23:25:47 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-10 23:25:47 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-10 23:25:47 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-10 23:25:47 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-07 22:20:03 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-07 22:20:03 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-07 22:20:03 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-07 22:19:26 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-07 22:19:26 -------- d-----w- C:\Program Files\iPod
2011-05-07 22:19:26 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-07 22:19:25 -------- d-----w- C:\Program Files\iTunes
2011-05-04 15:55:04 93761 ----a-w- C:\messenger.exe
2011-05-03 08:09:54 -------- d-----w- C:\Users\Desktop\AppData\Roaming\WindSolutions
2011-05-03 08:09:54 -------- d-----w- C:\ProgramData\WindSolutions
2011-05-03 07:16:36 -------- d-----w- C:\Downloads
2011-05-03 07:16:22 -------- d-----w- C:\Users\Desktop\AppData\Roaming\FlashGet
2011-05-03 07:16:22 -------- d-----w- C:\Users\Desktop\AppData\Roaming\BITS
2011-05-03 07:16:19 -------- d-----w- C:\Users\Desktop\AppData\Roaming\FlashGetBHO
2011-05-03 07:16:17 -------- d-----w- C:\Program Files (x86)\FlashGet Network
2011-05-03 07:06:35 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Red Kawa
2011-05-01 06:56:48 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2011-05-01 06:56:48 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2011-05-01 06:56:48 139264 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-05-01 06:56:46 -------- d-----w- C:\Program Files (x86)\Aimersoft
2011-05-01 06:46:32 -------- d-----w- C:\Program Files (x86)\E-Zsoft
2011-05-01 06:39:26 -------- d-----w- C:\Users\Desktop\AppData\Local\Geckofx
2011-05-01 06:39:13 -------- d-----w- C:\Program Files (x86)\Regensoft
2011-05-01 06:39:11 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2011-05-01 06:39:08 -------- d-----w- C:\Program Files (x86)\Red Kawa
2011-05-01 06:34:11 -------- d-----w- C:\Users\Desktop\AppData\Roaming\MoveFab
2011-05-01 04:26:44 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-04-29 21:59:57 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-04-29 21:59:54 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-29 21:53:12 -------- d-----w- C:\Program Files (x86)\EA Games
2011-04-26 08:16:53 -------- d-----w- C:\PXE
2011-04-26 07:29:09 -------- d-----w- C:\Program Files (x86)\Tftpd32
2011-04-26 05:21:27 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator
2011-04-25 08:02:59 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2011-04-25 08:01:28 -------- d--h--w- C:\Windows\msdownld.tmp
2011-04-25 08:01:22 -------- d-----w- C:\Windows\SysWow64\directx
2011-04-25 07:32:17 -------- d-----w- C:\Program Files (x86)\MadOnion.com
2011-04-25 07:29:57 306688 ----a-w- C:\Windows\IsUninst.exe
2011-04-25 06:47:55 -------- d-----w- C:\ProgramData\Futuremark
2011-04-25 06:44:12 -------- d-----w- C:\Program Files (x86)\Futuremark
2011-04-25 06:44:08 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-04-25 06:44:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-04-25 06:13:54 -------- d-----w- C:\Users\Desktop\AppData\Local\IsolatedStorage
2011-04-25 06:13:53 -------- d-----w- C:\Users\Desktop\AppData\Local\Futuremark_Corporation
2011-04-25 03:15:26 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2011-04-25 03:15:26 -------- d-----w- C:\Program Files\CPUID
2011-04-22 10:57:10 -------- d-----w- C:\Users\Desktop\.android
2011-04-22 10:56:43 -------- d-----w- C:\Program Files (x86)\Android
2011-04-22 10:54:59 33792 ----a-w- C:\Windows\System32\drivers\lgx64modem.sys
2011-04-22 10:54:59 27136 ----a-w- C:\Windows\System32\drivers\lgx64gps.sys
2011-04-22 10:54:59 27136 ----a-w- C:\Windows\System32\drivers\lgx64diag.sys
2011-04-22 10:54:59 17920 ----a-w- C:\Windows\System32\drivers\lgx64bus.sys
2011-04-22 10:54:58 -------- d-----w- C:\Program Files (x86)\LG Electronics
2011-04-22 10:54:48 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-04-22 10:54:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-04-22 10:54:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-04-22 10:54:48 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-04-22 10:54:48 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-04-22 10:45:21 -------- d-----w- C:\Users\Desktop\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0150220}
2011-04-22 10:10:36 -------- d-----w- C:\Windows\WindowsMobile
2011-04-22 09:07:05 -------- d-----w- C:\ruu_log
2011-04-22 08:58:22 -------- d-----w- C:\Users\Desktop\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2011-04-22 07:59:46 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2011-04-22 07:59:46 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-04-20 05:10:34 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-04-20 05:10:32 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-04-20 05:10:22 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-04-20 05:10:18 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-04-20 05:10:14 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
2011-04-20 05:10:02 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-04-20 02:44:48 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-20 02:30:16 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-20 02:09:18 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-20 02:09:04 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-20 02:07:46 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-20 02:07:02 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-20 02:05:08 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-04-20 02:04:54 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-20 02:04:18 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-20 02:03:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-20 02:02:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-20 02:02:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-20 02:02:30 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-20 02:02:24 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-20 02:02:20 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-20 02:02:16 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-20 01:59:20 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-20 01:49:30 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-20 01:46:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-20 01:46:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-20 01:46:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-20 01:46:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-20 01:45:52 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-20 01:42:04 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-20 01:40:48 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-20 01:40:14 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-20 01:40:02 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-20 01:38:04 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-20 01:31:12 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-20 01:30:36 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-20 01:27:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-04-20 01:23:12 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-20 01:23:06 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-20 01:22:54 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-20 01:22:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-20 01:22:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-20 01:22:48 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-20 01:22:40 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-20 01:22:32 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-20 01:21:44 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-20 01:21:38 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-20 01:21:32 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-20 01:21:24 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 01:20:50 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-04-10 03:28:08 870683 ----a-w- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-27 19:53:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-27 19:53:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-27 07:11:37 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-27 07:09:10 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-27 07:09:10 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-27 07:09:10 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-27 07:09:10 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 21:37:12 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
.
============= FINISH: 18:51:58.65 ===============

Edited by hbd944, 20 May 2011 - 09:39 PM.



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:24 AM

Posted 21 May 2011 - 04:48 AM

Hello hbd944! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



:step1:



We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


:step2:



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Please include the following logs in your next reply:

  • OTL.txt and Extra.txt
  • aswMBR.txt



Regards,
Georgi



#3 B-boy/StyLe/


Posted 26 May 2011 - 05:35 AM

Hi hbd944,



It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 48 hours.



Regards,
Georgi



#4 B-boy/StyLe/


Posted 29 May 2011 - 09:00 PM

Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days.
