
Major Computer Issues Continued


  • This topic is locked
4 replies to this topic

#1 senck


Posted 04 June 2012 - 09:17 PM

Here are the DDS Logs- DDS.txt & Attach.txt
I didn't run GMER since it's for 32-bit systems...

1) Do you not see a redirect issue? Or any other problems?
2) Why do I have both a Program Data & a Program Data (x86) folder?
3) Why a System 32 folder AND a SysWOW64 folder?
4) Also, whenever I attach an item anywhere- to an email, to this log- I get a box that pops up like 20 times that says: User Account Control (box title), Do you want the following programs to make changes to the computer? Then it has the Adobe Logo and says: Program Name: AcroRd32.exe, Verified Publisher: Adobe Systems Incorporated, File Origin: Hard drive on the computer- and a Yes or No box. When I click no, it keeps popping up.
5) I ran Network Diagnostics today and here is the info from the log:

Network Diagnostics Log
File Name: 2D553544-5E1B-44B0-9981-9EC7AD8DED3E.Diagnose.Admin.0.etl
Other Networking Configuration and Logs
File Name: NetworkConifguration.cab
Publisher Details
Windows Network Diagnostics
Detects problems with network connectivity.
Package Version: 1.0
Publisher: Microsoft Windows

DDS.txt Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by **** Family at 20:15:30 on 2012-06-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2466 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = https://google.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27360910l200p0447y185k45l1r201
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27360910l200p0447y185k45l1r201
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: sharepoint.com\groundbreakinggolf
Trusted Zone: sharepoint.com\groundbreakinggolf-admin
Trusted Zone: sharepoint.com\groundbreakinggolf-my
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02F5CC2E-66F5-4181-BDEC-24EA3F252B56} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02F5CC2E-66F5-4181-BDEC-24EA3F252B56}\34862796370275561647865627C6972E08993702960586F6E656 : DhcpNameServer = 172.16.64.215 172.16.64.215
TCP: Interfaces\{EBAC6B79-3C39-4D16-B158-F7BE69404074} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F9794247-33E7-4431-BC7B-0D85444A08E9} : DhcpNameServer = 172.16.64.215 172.16.64.215
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/05/07 09:13:34];C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-2-8 146928]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-9-28 2078112]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 135664]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-9 2320920]
S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-9 243232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-06-05 00:51:11 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-05 00:42:44 -------- d-----w- C:\Users\**** Family\AppData\Roaming\Malwarebytes
2012-06-05 00:42:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-05 00:42:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 00:42:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-04 23:25:36 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E097A1B-BEB2-4832-A3A3-93FC22994ABB}\mpengine.dll
2012-06-03 23:40:24 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 04:01:16 98816 ----a-w- C:\Windows\sed.exe
2012-06-03 04:01:16 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-03 04:01:16 256000 ----a-w- C:\Windows\PEV.exe
2012-06-03 04:01:16 208896 ----a-w- C:\Windows\MBR.exe
2012-06-01 04:53:59 -------- d-----w- C:\Users\**** Family\.shsh
2012-06-01 02:32:08 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-01 02:31:45 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-01 02:31:45 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-31 02:39:35 -------- d-----w- C:\Users\**** Family\AppData\Roaming\redsn0w
2012-05-30 20:12:04 -------- d-----w- C:\Documents
2012-05-29 02:37:58 -------- d-----w- C:\Users\**** Family\AppData\Local\libimobiledevice
2012-05-27 21:40:02 -------- d-----w- C:\Program Files\iPod
2012-05-27 21:40:01 -------- d-----w- C:\Program Files\iTunes
2012-05-27 21:40:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-27 21:38:26 -------- d-----w- C:\Program Files\Bonjour
2012-05-27 21:38:26 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-27 19:01:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-27 19:01:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EA35E75-82E9-4173-AF57-C420E9E1D6AA}\gapaengine.dll
2012-05-27 05:01:12 -------- d-----w- C:\Users\**** Family\AppData\Roaming\AVG2012
2012-05-27 04:58:56 -------- d--h--w- C:\$AVG
2012-05-27 04:58:56 -------- d-----w- C:\ProgramData\AVG2012
2012-05-27 04:58:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-05-27 04:49:46 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-27 04:49:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-27 04:49:43 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-27 04:49:42 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-27 04:49:41 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-27 04:49:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-27 04:49:01 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-27 04:48:39 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-27 04:48:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-27 04:48:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-27 04:48:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-27 04:48:36 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-27 04:48:36 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-26 22:41:30 -------- d-----w- C:\Windows\SysWow64\FxsTmp
2012-05-26 22:41:30 -------- d-----w- C:\Windows\System32\FxsTmp
2012-05-26 21:46:14 -------- d-----w- C:\Users\**** Family\AppData\Roaming\Tific
2012-05-26 21:46:14 -------- d-----w- C:\Users\**** Family\AppData\Local\tific
2012-05-26 21:43:48 -------- d-----w- C:\Program Files (x86)\Autorun Eater
2012-05-26 19:00:43 -------- d--h--w- C:\ProgramData\Common Files
2012-05-26 19:00:34 -------- d-----w- C:\ProgramData\MFAData
2012-05-26 03:33:33 -------- d-----w- C:\Program Files (x86)\OApps
2012-05-24 15:18:27 -------- d-----w- C:\TOOLS
2012-05-24 15:17:18 -------- d-----w- C:\Users\**** Family\AutoRecoverFiles
2012-05-22 20:53:45 -------- d-----w- C:\CCLeaner Reports
.
==================== Find3M ====================
.
2012-03-25 02:20:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 20:16:06.64 ===============


 


#2 senck


Posted 06 June 2012 - 10:12 AM

Bloopme...Are you there? I moved this over to this log as you directed 2 days ago...

#3 senck


Posted 06 June 2012 - 10:09 PM

Help Please

#4 nasdaq

  • Malware Response Team

Posted 09 June 2012 - 07:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

1) Do you not see a redirect issue? Or any other problems?
This is the information we need from you to recommend remedial action.

2) Why do I have both a Program Data & a Program Data (x86) folder?
3) Why a System 32 folder AND a SysWOW64 folder?

This is all set by the operating system on a 64-bit system. Do not change anything.

Your DDS log is clean.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review and let me know the nature of your problems with this computer.

#5 nasdaq

  • Malware Response Team

Posted 15 June 2012 - 10:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



