
no network but wireless works


  • This topic is locked
3 replies to this topic

#1 millerbean

millerbean

  • Members
  • 32 posts

Posted 30 August 2012 - 10:22 PM

I was asked to post here from http://www.bleepingcomputer.com/forums/topic466914.html

services.exe is running at 4.6gb and the fan on the computer runs like a jet; when I disable the network adapter the fan slows, but services.exe still uses 4.7gb

After getting rid of Security Platinum, I can't get on the internet with the infected CPU, but my son's laptop and other devices still work on wireless

Dell 435Mt 6gh, windows 7 64bit

I've tried to netsh winsock reset but get "access denied" even though I right click and run as admin

Malwarebytes scan nothing found

spybot search and destroy clean



Here are the results of the DDS scan. I also have another scan, but it said not to post it unless asked for.

please help


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by home at 20:10:39 on 2012-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.1114 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.goolge.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\frwqsl8z.default-1342902337463\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt58;Acronis Disk Storage Filter (58);C:\Windows\system32\DRIVERS\vsflt58.sys --> C:\Windows\system32\DRIVERS\vsflt58.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-3-12 386344]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\qscnusb.sys --> C:\Windows\system32\DRIVERS\qscnusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SymSnapService;SymSnapService;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
.
=============== Created Last 30 ================
.
2012-08-31 02:50:08 -------- d-----w- C:\Users\home\AppData\Local\{3F0C5C30-E065-417E-ACBF-FBBC8730AE93}
2012-08-31 01:49:56 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-08-31 01:47:49 303616 ----a-w- C:\SetACL.exe
2012-08-31 01:36:25 290304 ----a-w- C:\subinacl.exe
2012-08-31 01:14:24 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-31 01:14:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-08-31 00:58:31 -------- d-----w- C:\Users\home\AppData\Local\{12B25DE9-83FE-4109-B1D6-E01A17193E84}
2012-08-30 15:01:25 -------- d-----w- C:\Users\home\AppData\Local\{21E84420-17D1-4913-8D5D-C2C915A6AEFC}
2012-08-30 05:05:40 -------- d-----w- C:\Users\home\AppData\Local\{8824E46A-D568-41AA-BF24-56835FA41918}
2012-08-29 04:11:34 -------- d-----w- C:\Users\home\AppData\Roaming\Dekovir
2012-08-29 02:30:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-08-29 02:30:11 726160 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-08-29 02:30:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-08-29 02:30:06 -------- d-----w- C:\Program Files (x86)\Realtek
2012-08-29 01:09:55 -------- d-----w- C:\979f673347fba2f9358c3e2012d68692
2012-08-29 00:10:16 -------- d-----w- C:\Windows\pss
2012-08-29 00:07:46 -------- d-----w- C:\64cffe020a57fa5211d92bc59a
2012-08-28 23:27:45 -------- d-----w- C:\Combo-Fix
2012-08-28 14:36:42 -------- d-----w- C:\Users\home\AppData\Local\{F95484E3-2185-429F-AB7A-98BFF5C5FBC8}
2012-08-28 12:39:26 98816 ----a-w- C:\Windows\sed.exe
2012-08-28 12:39:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-28 12:39:26 256000 ----a-w- C:\Windows\PEV.exe
2012-08-28 12:39:26 208896 ----a-w- C:\Windows\MBR.exe
2012-08-27 22:58:06 -------- d-----w- C:\Users\home\AppData\Local\{FC5D9FE9-6BF1-46F0-868D-F691F025C01C}
2012-08-27 15:06:24 -------- d-----w- C:\Users\home\AppData\Local\{9E35B743-820B-4FA1-A78D-1936150BDD32}
2012-08-26 18:39:59 -------- d-----w- C:\Users\home\AppData\Local\{443857ED-749A-4BF0-8C90-FC5B2E3FCDAA}
2012-08-26 06:04:23 -------- d-----w- C:\Users\home\AppData\Local\{91CEEF83-D818-4D9F-955C-33FCA7335A2A}
2012-08-25 17:00:06 -------- d-----w- C:\Users\home\AppData\Local\{2218337E-47C8-4040-8618-984EB42C5D0E}
2012-08-25 04:34:45 -------- d-----w- C:\Users\home\AppData\Local\{3F3A162D-8ECF-4E54-918F-8DA999BAA82A}
2012-08-24 16:55:39 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FDDB906-5BEA-4823-B168-F92FA043D9BB}\mpengine.dll
2012-08-24 14:50:19 -------- d-----w- C:\Users\home\AppData\Local\{07A71DB8-88D4-441C-943B-9327C1852600}
2012-08-23 22:39:21 -------- d-----w- C:\Users\home\AppData\Local\{4864F67D-522A-46EF-B421-43E72BF22ABB}
2012-08-23 03:16:44 -------- d-----w- C:\Users\home\AppData\Local\{41053150-BD61-4BC8-8E16-2D0B55A9C4B5}
2012-08-22 22:28:13 -------- d-----w- C:\Users\home\AppData\Roaming\dBpoweramp
2012-08-22 14:39:05 -------- d-----w- C:\Users\home\AppData\Local\{6B8AAA67-C9E8-4452-B9E1-9CD2D27FFA3F}
2012-08-22 12:02:56 -------- d-----w- C:\Users\home\AppData\Local\{7442C1CF-5551-4EBD-B0E3-6722CE2EA715}
2012-08-22 02:13:39 -------- d-----w- C:\ProgramData\Grey Alien Games
2012-08-21 22:15:41 -------- d-----w- C:\Users\home\AppData\Local\{9D805B3C-0BE0-43CC-ACB7-8269922CF475}
2012-08-19 16:33:18 -------- d-----w- C:\Users\home\AppData\Local\{F4646718-8202-430E-A1D2-4312941B8292}
2012-08-18 13:19:18 -------- d-----w- C:\Users\home\AppData\Local\{534553D0-8A89-4C7B-919A-3828437403AE}
2012-08-18 13:18:56 -------- d-----w- C:\Users\home\AppData\Local\{2204CB94-BA2E-4860-96EB-05335553FA46}
2012-08-18 06:02:49 -------- d-----w- C:\Program Files (x86)\Counter-Strike 1.6
2012-08-18 00:31:32 -------- d-----w- C:\Users\home\AppData\Local\{68D9389D-1699-4753-A399-3D0E8614F2AA}
2012-08-18 00:31:10 -------- d-----w- C:\Users\home\AppData\Local\{39AEDDEA-073C-4969-8FB6-B009F1A54238}
2012-08-17 03:05:53 -------- d-----w- C:\Users\home\AppData\Local\{BAF0CA1C-0894-4D01-9CFE-E95954CCD9A7}
2012-08-17 03:05:31 -------- d-----w- C:\Users\home\AppData\Local\{F1F57255-9CE2-4C1F-8CC2-00991939F7D0}
2012-08-16 15:02:10 -------- d-----w- C:\Users\home\AppData\Local\{0EF19ABE-1CED-4465-BF88-05983B9FA548}
2012-08-16 15:01:48 -------- d-----w- C:\Users\home\AppData\Local\{6C4AB79B-EB03-4AAF-9CD7-C7D54F31DC08}
2012-08-16 02:41:08 -------- d-----w- C:\Users\home\AppData\Local\{31C8FBBF-66CB-4F5D-B934-2B5C30F6E932}
2012-08-16 02:40:46 -------- d-----w- C:\Users\home\AppData\Local\{16889DA8-3D75-4394-9A64-265F20F34324}
2012-08-15 14:40:21 -------- d-----w- C:\Users\home\AppData\Local\{81A2E359-1A26-46A5-A4F3-EAA03B4BBC11}
2012-08-15 14:39:58 -------- d-----w- C:\Users\home\AppData\Local\{A3997F13-D253-4236-A7CD-4DCDD36A1DB4}
2012-08-15 05:49:08 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 05:49:08 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 05:49:03 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 05:49:03 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 05:49:03 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 05:49:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 05:46:41 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 05:46:41 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 05:46:41 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 05:46:39 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 05:46:37 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 00:48:55 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
2012-08-14 23:19:49 -------- d-----w- C:\Users\home\AppData\Local\{74A5C98E-7BD6-4D2F-BE14-B666BDF5787E}
2012-08-14 23:19:27 -------- d-----w- C:\Users\home\AppData\Local\{0DBE1028-E5DC-4714-97EF-9989AE4F7141}
2012-08-14 14:50:51 -------- d-----w- C:\Users\home\AppData\Local\{36A1FD02-D7AD-44E7-BCB8-D19E84D65B8D}
2012-08-13 21:15:09 -------- d-----w- C:\Users\home\AppData\Local\FalloutNV
2012-08-13 19:15:32 -------- d-----w- C:\Users\home\AppData\Local\{187367F6-C28D-401E-A970-AE71E16BD240}
2012-08-13 19:15:10 -------- d-----w- C:\Users\home\AppData\Local\{4F2271A1-3A1B-474E-AA3E-017CC2300225}
2012-08-13 05:10:39 -------- d-----w- C:\Users\home\AppData\Local\{5982DDE8-3C46-4C49-A4FA-5FE13DA287FE}
2012-08-13 05:10:17 -------- d-----w- C:\Users\home\AppData\Local\{CDFB0833-818F-461B-B865-EA8E4062CE1B}
2012-08-12 14:54:21 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-08-12 14:43:23 -------- d-----w- C:\Users\home\AppData\Local\{32D15E76-F9DF-4E1A-BFA4-73EA72DA10BC}
2012-08-12 14:43:01 -------- d-----w- C:\Users\home\AppData\Local\{39C27383-CEA7-4C5B-82AC-1387DFF2B94F}
2012-08-11 13:42:25 -------- d-----w- C:\Users\home\AppData\Local\{A3F0224E-2344-4799-B0D8-F165A9104E97}
2012-08-11 13:42:11 -------- d-----w- C:\Users\home\AppData\Local\{99968846-51C3-4AB5-A9D8-2919D0EED160}
2012-08-10 14:39:06 -------- d-----w- C:\Users\home\AppData\Local\{565CF0FD-C31B-4EB4-970B-1ECE9558F641}
2012-08-10 14:38:44 -------- d-----w- C:\Users\home\AppData\Local\{EC8DFCE5-FB42-4D4C-AD41-296E2A45C5A3}
2012-08-10 02:38:17 -------- d-----w- C:\Users\home\AppData\Local\{2779DCAB-A3E4-4511-9782-288FC4A2BEF2}
2012-08-10 02:37:54 -------- d-----w- C:\Users\home\AppData\Local\{D59D192B-D3DB-4307-BD09-CB9E18E89819}
2012-08-09 06:06:22 -------- d-----w- C:\Users\home\AppData\Local\{38A03C4A-60E7-4EA0-8C22-C076FC3B27AD}
2012-08-09 06:06:00 -------- d-----w- C:\Users\home\AppData\Local\{3FFB4079-61EE-4354-B56B-302ADBFCDBD2}
2012-08-09 05:20:01 -------- d-----w- C:\Users\home\AppData\Local\{67318FC0-E638-44FD-BADD-4B15E1545B06}
2012-08-08 14:48:11 -------- d-----w- C:\Users\home\AppData\Local\{5C3D856F-D9EF-4629-9F03-FF579BC00991}
2012-08-08 14:47:49 -------- d-----w- C:\Users\home\AppData\Local\{8F5D4082-3D60-4725-B8A9-7E85E3F65344}
2012-08-08 11:55:24 -------- d-----w- C:\Users\home\AppData\Local\{15CD968F-D383-49E5-A34E-F805100D5CEF}
2012-08-08 04:32:38 -------- d-----w- C:\Users\home\AppData\Local\{455EF6B7-8B73-4D9C-858D-EBE70AF6ED5D}
2012-08-07 23:18:00 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-07 23:17:31 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-07 15:18:43 -------- d-----w- C:\e584d9d96572a83d43a23f0fe2a1
2012-08-07 15:13:08 -------- d-----w- C:\d619a65d3c6e45faf5ece9f8c5d858
2012-08-07 15:12:22 -------- d-----w- C:\Users\home\AppData\Local\{CEB176DD-E3DE-45B4-AC51-2C297D0E3242}
2012-08-07 15:11:55 -------- d-----w- C:\Users\home\AppData\Local\{1F2C6202-7BB8-4FB1-A6B9-9149CD5237CD}
2012-08-07 04:52:35 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-07 04:07:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 04:07:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-07 01:24:08 -------- d-----w- C:\Users\home\AppData\Local\{C0C22845-21B6-4A64-AF85-499D8FBD3DDB}
2012-08-07 01:23:46 -------- d-----w- C:\Users\home\AppData\Local\{DF8D6F89-AD4F-4DEA-A10D-C1CB3D98FD6E}
2012-08-07 00:42:11 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-08-07 00:30:10 -------- d-----w- C:\Users\home\AppData\Local\{832E1622-B611-427F-A31B-C3FDB2C14024}
2012-08-07 00:27:41 -------- d-----w- C:\Program Files\CCleaner
2012-08-06 16:38:08 -------- d-----w- C:\Users\home\AppData\Local\{14850B7B-35DC-405F-A66F-3EA4A8C4A064}
2012-08-06 16:23:23 -------- d-----w- C:\Users\home\AppData\Local\ElevatedDiagnostics
2012-08-05 17:44:14 -------- d-----w- C:\Users\home\AppData\Local\{7EB9228D-CD27-4E60-9050-B31EF08E68A2}
2012-08-05 17:43:51 -------- d-----w- C:\Users\home\AppData\Local\{F863F52F-F7B9-4F65-978C-BA2C4BBD9DEE}
2012-08-04 16:58:25 -------- d-----w- C:\Users\home\AppData\Local\{20A7722A-0DC5-4F44-A3CF-4AF00509E93F}
2012-08-04 16:58:03 -------- d-----w- C:\Users\home\AppData\Local\{6FB426A1-9AC3-4F83-B355-4F5C85BD9283}
2012-08-04 04:57:35 -------- d-----w- C:\Users\home\AppData\Local\{31587B17-DE62-421C-8497-A59DADE55044}
2012-08-04 04:57:13 -------- d-----w- C:\Users\home\AppData\Local\{1FC12810-825B-497E-9470-F1133AF74D39}
2012-08-04 00:25:02 -------- d-----w- C:\Users\home\AppData\Local\{74C1C84A-F817-44D1-9395-FA1934954D76}
2012-08-03 23:43:49 -------- d-----w- C:\Users\home\AppData\Local\{EFEDDDD0-053F-41E8-9DBC-C659BA561CF1}
2012-08-03 23:43:25 -------- d-----w- C:\Users\home\AppData\Local\{7A534902-F3F5-4B77-B28E-0530D7FBA291}
2012-08-03 18:52:58 -------- d-----w- C:\Users\home\AppData\Roaming\Dropbox
2012-08-03 04:55:52 -------- d-----w- C:\Program Files (x86)\City Interactive
2012-08-02 23:27:34 -------- d-----w- C:\Users\home\AppData\Local\{C8F3B756-D280-4C10-AA54-F3DA8ECB3ABA}
2012-08-02 23:27:11 -------- d-----w- C:\Users\home\AppData\Local\{984E6E14-59F5-4995-BDAE-718B580ACEB6}
2012-08-01 16:18:55 -------- d-----w- C:\Users\home\AppData\Local\{1F893AC9-AF88-421A-A48E-8B968EB63BC8}
2012-08-01 16:18:33 -------- d-----w- C:\Users\home\AppData\Local\{F566680A-4973-4387-8FC5-8B2388B6F823}
.
==================== Find3M ====================
.
2012-08-15 13:32:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 13:32:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-07 15:43:29 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-08-07 15:43:29 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-11 02:52:41 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:11:01.10 ===============

Edited by millerbean, 31 August 2012 - 05:49 PM.




#2 millerbean

millerbean
  • Topic Starter

  • Members
  • 32 posts

Posted 01 September 2012 - 08:41 AM

Help, all the way to page 8 and still no replies

Help please

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 03 September 2012 - 05:38 AM

Hello, millerbean.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!






Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578







Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


Please delete your copy of Combofix and download a new one.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
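
The Trusted Zone review described in the reply above can also be done from the registry. This is an added example, not part of the original post or of any tool named in the thread: a read-only PowerShell audit of the ZoneMap keys, where a value of 2 assigns a site to Trusted sites. The function name `Get-TrustedZoneSite` is hypothetical, and it is an assumption that the `intuit.com\ttlc` entry in the DDS log corresponds to a `Domains\intuit.com\ttlc` subkey.

```powershell
# Added example (not from the thread): read-only audit of Internet Explorer
# Trusted sites assignments stored under the ZoneMap registry keys.
# Zone IDs: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites
$TrustedZone = 2

# Per-user and per-machine zone maps (policy-managed lists are not covered here).
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

# Hypothetical helper name; emits one object per trusted site/protocol pair.
function Get-TrustedZoneSite {
    foreach ($root in $ZoneMapRoots) {
        # Domains and EscDomains hold host names; Ranges holds IP ranges.
        foreach ($branch in 'Domains', 'EscDomains', 'Ranges') {
            $base = Join-Path $root $branch
            if (-not (Test-Path -LiteralPath $base)) { continue }

            Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $key = $_
                    foreach ($name in $key.GetValueNames()) {
                        # ':Range' stores the address range itself, not a zone number.
                        if ($name -eq ':Range') { continue }
                        if ($key.GetValue($name) -ne $TrustedZone) { continue }

                        if ($branch -eq 'Ranges') {
                            $site = $key.GetValue(':Range')
                        } else {
                            # Keep the registry form <domain>\<subdomain>.
                            $marker = "\$branch\"
                            $start  = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                            $site   = $key.Name.Substring($start + $marker.Length)
                        }

                        New-Object PSObject -Property @{
                            Hive     = $root.Substring(0, 4)   # HKCU or HKLM
                            Branch   = $branch
                            Site     = $site
                            Protocol = $name                   # http, https, or * for any
                        } | Select-Object Hive, Branch, Site, Protocol
                    }
                }
        }
    }
}

Get-TrustedZoneSite | Sort-Object Hive, Site | Format-Table -AutoSize
```

An empty result means no site is mapped to Trusted sites in these two hives; any row that was not added knowingly is a candidate for removal through the Internet Options dialog.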
 


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 16 September 2012 - 05:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


 




