
Antivirus being blocked and files being blocked among other issues



#1 dakthur28

  • Members

Posted 22 March 2013 - 11:01 AM

The problem started a few days ago with our browsers running slow and sometimes timing out. I then started to notice that icons and menus looked slightly different and that administrator shield icons started showing up on files and icons; also, when clicking on buttons in menus such as Windows Update, the menu would flicker.

I was suspicious, so I checked processes, services and such, and that's when I noticed that whenever something was downloaded off the internet, even just a web page link document, under its Properties, in the General tab at the bottom, it says "This file came from another computer and has been blocked for your computer's safety" with a box to unblock it. I searched more and found a lot of files, including my pictures, that had three new users: 2 named "unknown" with a long number beginning with S-1-0......, and another listed as UUID with a long number and ending saying Mcx1-my user name-PC, which I know is my media extender for my Xbox, but the other 2 users were never there. The last thing that has been happening is when I boot to Safe Mode with Networking so I can try doing a scan with my main antivirus program, the Action Center gives me a warning saying that Windows Security Center is disabled, please enable it now. I go to Services and click to start it and it immediately stops; I try to run a scan with my antivirus and it says it can't start without Windows Security Center being enabled.

I don't know if these have anything to do with it, but about a week ago my fiancée's Yahoo account was hacked; she deleted the account and never opened any e-mails. Also, I used Oracle's virtual machine software so that I could try Windows 8 before I decided to buy it; I didn't like Windows 8, so I deleted the virtual machine and uninstalled the Oracle VM software. I did a number of scans and the only one that found anything was Malwarebytes, which found 2 Trojan.Agents, which it listed the extensions as mt_32.dll and Winload.dll, and found Trojan Redir.Qoogle.xml (the Q is not a typo). Please help; I can't afford to do a clean install, I rely on this computer for college. My OS is Windows 7 Home Premium running on an HP Pavilion with 6 GB RAM and a quad-core AMD processor. I originally posted this on the Am I Infected forum and an advisor had me run a few log programs and scans. Junkware Removal Tool and ESET Online Scanner both ran but then stopped and hung for over an hour. Doing some research online for a few of the problems, I found that on Vista some of them are common, but on Windows 7 no one has heard of it happening automatically; most referred to data streams and security and group policy changes. I have Home Premium, therefore I don't have access to the policies snap-in; things are changing and being blocked on their own by something.


DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.17.2
Run by jen at 11:38:31 on 2013-03-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4524 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender BETA\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Bitdefender\Bitdefender BETA\updatesrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Bitdefender\Bitdefender BETA\bdagent.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Bitdefender\Bitdefender BETA\pmbxag.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender BETA\Antispam32\pmbxie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender BETA\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender BETA\pwdmanui.exe" --hidden --nowizard
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [(default)] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{13EA0707-71AA-4D97-A423-81A799669C5D} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bitdefender Wallet 64-bit: {09F58E74-42B4-4D70-BA26-35FC954E7A17} - C:\Program Files\Bitdefender\Bitdefender BETA\pmbxie.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender BETA\bdagent.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-3-16 707528]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-3-19 145696]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-3-19 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-3-19 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-3-16 76944]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-3-16 95184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender BETA\updatesrv.exe [2013-3-19 68856]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-3-6 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-3-16 589000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-3-19 109056]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-3-16 82384]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-6 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-6 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender BETA\bdparentalservice.exe [2013-3-19 75584]
.
=============== Created Last 30 ================
.
2013-03-22 04:50:35 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-03-22 04:48:12 -------- d-----w- C:\Users\jen\AppData\Local\Secunia PSI
2013-03-22 04:47:58 -------- d-----w- C:\Program Files (x86)\Secunia
2013-03-22 00:19:42 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-03-21 20:05:14 -------- d-----w- C:\Windows\ERUNT
2013-03-21 20:04:49 -------- d-----w- C:\JRT
2013-03-21 03:03:30 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-21 03:03:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:02:27 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2013-03-19 11:03:59 -------- d-----w- C:\ProgramData\Affinegy
2013-03-19 07:36:53 451067 ----a-w- C:\ProgramData\1363678543.bdinstall.bin
2013-03-19 07:36:31 -------- d-----w- C:\Users\jen\AppData\Roaming\Bitdefender
2013-03-19 07:36:06 383048 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-03-19 07:36:05 145696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-03-19 07:01:25 55838 ----a-w- C:\ProgramData\1363676481.bdinstall.bin
2013-03-19 05:47:10 449275 ----a-w- C:\ProgramData\1363671878.bdinstall.bin
2013-03-19 05:19:44 -------- d-----w- C:\Users\jen\AppData\Roaming\HP Support Assistant
2013-03-19 05:15:48 -------- d-----w- C:\Users\jen\AppData\Local\Hewlett-Packard
2013-03-19 05:15:20 27456 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys
2013-03-19 05:12:43 -------- d-----w- C:\Users\jen\AppData\Roaming\hpqLog
2013-03-19 05:12:11 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-03-19 05:11:54 -------- d-----w- C:\swsetup
2013-03-19 03:32:58 -------- d-----w- C:\Users\jen\AppData\Roaming\Malwarebytes
2013-03-19 03:32:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-19 03:29:01 477134 ----a-w- C:\ProgramData\1363663135.bdinstall.bin
2013-03-19 01:17:22 -------- d-----w- C:\ProgramData\LightScribe
2013-03-18 23:37:53 -------- d-----w- C:\Windows\pss
2013-03-18 21:40:10 -------- d-----w- C:\Users\jen\AppData\Roaming\WinBatch
2013-03-18 20:45:20 -------- d-----w- C:\ProgramData\Nero
2013-03-16 18:39:34 507122 ----a-w- C:\ProgramData\1363458800.bdinstall.bin
2013-03-16 18:36:32 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-03-16 18:36:30 93160 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2013-03-16 18:36:30 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-03-16 18:36:21 589000 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-03-16 18:36:20 707528 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-03-16 18:33:31 -------- d-----w- C:\ProgramData\Bitdefender
2013-03-16 18:33:29 -------- d-----w- C:\Program Files\Bitdefender
2013-03-16 18:33:13 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-03-16 18:33:12 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2013-03-16 18:01:35 -------- d-----w- C:\Users\jen\AppData\Local\Adobe
2013-03-16 17:09:35 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll
2013-03-16 17:09:35 60928 ----a-w- C:\Windows\System32\ahadmin.dll
2013-03-16 17:09:35 55296 ----a-w- C:\Windows\System32\admwprox.dll
2013-03-16 17:09:35 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2013-03-16 17:09:35 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll
2013-03-16 17:09:35 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2013-03-16 17:09:35 16896 ----a-w- C:\Windows\System32\iisreset.exe
2013-03-16 17:09:35 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll
2013-03-16 17:09:35 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe
2013-03-16 17:09:35 14848 ----a-w- C:\Windows\System32\wamregps.dll
2013-03-16 17:09:35 11264 ----a-w- C:\Windows\System32\iisrstap.dll
2013-03-16 17:09:35 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll
2013-03-16 15:12:02 1550 ----a-w- C:\ProgramData\1363446722.bdinstall.bin
2013-03-16 14:38:35 -------- d-----w- C:\Users\jen\AppData\Local\VS Revo Group
2013-03-16 14:38:33 -------- d-----w- C:\ProgramData\VS Revo Group
2013-03-16 14:38:18 -------- d-----w- C:\Users\jen\AppData\Local\Programs
2013-03-16 14:08:05 1550 ----a-w- C:\ProgramData\1363442885.bdinstall.bin
2013-03-16 14:05:13 1550 ----a-w- C:\ProgramData\1363442713.bdinstall.bin
2013-03-16 14:04:16 -------- d-----w- C:\inetpub
2013-03-16 13:51:57 1550 ----a-w- C:\ProgramData\1363441917.bdinstall.bin
2013-03-16 13:10:09 1550 ----a-w- C:\ProgramData\1363439409.bdinstall.bin
2013-03-16 13:02:45 1550 ----a-w- C:\ProgramData\1363438965.bdinstall.bin
2013-03-16 13:02:27 1550 ----a-w- C:\ProgramData\1363438947.bdinstall.bin
2013-03-16 12:48:40 1550 ----a-w- C:\ProgramData\1363438120.bdinstall.bin
2013-03-16 12:48:08 1550 ----a-w- C:\ProgramData\1363438088.bdinstall.bin
2013-03-16 12:45:36 1550 ----a-w- C:\ProgramData\1363437936.bdinstall.bin
2013-03-16 12:45:26 1550 ----a-w- C:\ProgramData\1363437926.bdinstall.bin
2013-03-16 12:45:25 1550 ----a-w- C:\ProgramData\1363437925.bdinstall.bin
2013-03-16 12:45:24 1550 ----a-w- C:\ProgramData\1363437924.bdinstall.bin
2013-03-16 12:45:20 1550 ----a-w- C:\ProgramData\1363437920.bdinstall.bin
2013-03-16 11:28:20 1550 ----a-w- C:\ProgramData\1363433300.bdinstall.bin
2013-03-16 11:27:23 1550 ----a-w- C:\ProgramData\1363433243.bdinstall.bin
2013-03-16 11:26:52 1550 ----a-w- C:\ProgramData\1363433212.bdinstall.bin
2013-03-16 11:26:42 1550 ----a-w- C:\ProgramData\1363433202.bdinstall.bin
2013-03-16 11:26:41 1550 ----a-w- C:\ProgramData\1363433201.bdinstall.bin
2013-03-16 11:26:40 1550 ----a-w- C:\ProgramData\1363433200.bdinstall.bin
2013-03-16 11:26:39 1550 ----a-w- C:\ProgramData\1363433199.bdinstall.bin
2013-03-16 11:26:30 1550 ----a-w- C:\ProgramData\1363433190.bdinstall.bin
2013-03-16 11:20:52 1550 ----a-w- C:\ProgramData\1363432852.bdinstall.bin
2013-03-16 11:20:49 1550 ----a-w- C:\ProgramData\1363432849.bdinstall.bin
2013-03-16 11:20:48 1550 ----a-w- C:\ProgramData\1363432848.bdinstall.bin
2013-03-16 11:20:46 1550 ----a-w- C:\ProgramData\1363432846.bdinstall.bin
2013-03-16 11:20:42 1550 ----a-w- C:\ProgramData\1363432842.bdinstall.bin
2013-03-16 11:16:17 1550 ----a-w- C:\ProgramData\1363432577.bdinstall.bin
2013-03-16 11:15:51 1550 ----a-w- C:\ProgramData\1363432551.bdinstall.bin
2013-03-16 11:07:33 1550 ----a-w- C:\ProgramData\1363432053.bdinstall.bin
2013-03-16 11:05:17 1550 ----a-w- C:\ProgramData\1363431917.bdinstall.bin
2013-03-16 11:01:19 1550 ----a-w- C:\ProgramData\1363431679.bdinstall.bin
2013-03-16 11:01:05 1550 ----a-w- C:\ProgramData\1363431665.bdinstall.bin
2013-03-16 10:58:37 1550 ----a-w- C:\ProgramData\1363431517.bdinstall.bin
2013-03-16 10:35:09 1550 ----a-w- C:\ProgramData\1363430109.bdinstall.bin
2013-03-16 10:35:08 1550 ----a-w- C:\ProgramData\1363430108.bdinstall.bin
2013-03-16 10:35:03 1550 ----a-w- C:\ProgramData\1363430099.bdinstall.bin
2013-03-16 10:34:31 1550 ----a-w- C:\ProgramData\1363430071.bdinstall.bin
2013-03-16 10:32:45 1550 ----a-w- C:\ProgramData\1363429965.bdinstall.bin
2013-03-16 10:32:44 1549 ----a-w- C:\ProgramData\1363429964.bdinstall.bin
2013-03-16 10:32:43 1549 ----a-w- C:\ProgramData\1363429963.bdinstall.bin
2013-03-16 10:32:42 1550 ----a-w- C:\ProgramData\1363429962.bdinstall.bin
2013-03-16 10:32:40 1550 ----a-w- C:\ProgramData\1363429960.bdinstall.bin
2013-03-16 10:32:13 1550 ----a-w- C:\ProgramData\1363429933.bdinstall.bin
2013-03-16 10:31:34 1550 ----a-w- C:\ProgramData\1363429894.bdinstall.bin
2013-03-16 10:28:01 1550 ----a-w- C:\ProgramData\1363429681.bdinstall.bin
2013-03-16 10:27:41 1550 ----a-w- C:\ProgramData\1363429661.bdinstall.bin
2013-03-16 10:14:36 234337 ----a-w- C:\ProgramData\1363428720.bdinstall.bin
2013-03-16 09:59:50 478670 ----a-w- C:\ProgramData\1363427824.bdinstall.bin
2013-03-16 02:46:16 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-03-16 02:46:04 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-03-14 18:32:15 -------- d-----w- C:\Windows\PixArt
2013-03-14 17:52:52 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-13 17:56:58 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-11 20:02:31 -------- d-----w- C:\Users\jen\AppData\Local\Macromedia
2013-03-11 19:58:52 -------- d-----w- C:\Users\jen\AppData\Local\Mozilla
2013-03-10 22:37:29 -------- d-----w- C:\Users\jen\AppData\Local\Diagnostics
2013-03-10 22:28:30 -------- d-----w- C:\Users\jen\AppData\Roaming\NVIDIA
2013-03-09 01:39:59 506728 ----a-w- C:\Windows\System32\d3dx10_34.dll
2013-03-08 17:09:05 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-03-08 17:09:04 -------- d-----w- C:\Program Files (x86)\Steam
2013-03-07 19:39:54 -------- d-----w- C:\Users\jen\AppData\Local\Microsoft Help
2013-03-07 16:31:00 -------- d-----w- C:\Users\jen\AppData\Local\ElevatedDiagnostics
2013-03-07 15:45:56 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-03-07 15:45:31 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-07 15:45:22 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-07 15:45:11 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-07 04:22:13 -------- d-----w- C:\ProgramData\Belkin
2013-03-07 04:10:19 -------- d-----w- C:\Program Files (x86)\Belkin
2013-03-07 04:05:15 -------- d-----w- C:\ProgramData\WEBREG
2013-03-07 04:04:21 249856 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70w.dll
2013-03-07 04:02:59 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-03-07 04:02:46 -------- d-----w- C:\ProgramData\HP Photo Creations
2013-03-07 04:02:46 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2013-03-07 04:02:39 -------- d-----w- C:\Users\jen\AppData\Roaming\HpUpdate
2013-03-07 04:00:03 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-03-07 03:59:59 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2013-03-07 03:58:26 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2013-03-07 03:58:21 136704 ----a-w- C:\Windows\System32\hpf3l70w.dll
2013-03-07 03:58:18 881664 ----a-w- C:\Windows\System32\hposwia_d02d.dll
2013-03-07 03:58:18 749056 ----a-w- C:\Windows\System32\hpost_d02d.dll
2013-03-07 03:58:18 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2013-03-07 03:58:18 516096 ----a-w- C:\Windows\System32\hposc_d02a.dll
2013-03-07 03:57:26 -------- d-----w- C:\Program Files (x86)\HP
2013-03-07 03:55:33 -------- d-----w- C:\Program Files\HP
2013-03-07 03:29:17 -------- d-----w- C:\Windows\SysWow64\Wat
2013-03-07 03:29:17 -------- d-----w- C:\Windows\System32\Wat
2013-03-07 03:27:20 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-03-07 03:24:45 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 03:24:45 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 03:22:52 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 03:22:52 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 03:22:43 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 03:19:31 -------- d-----w- C:\Users\jen\AppData\Local\Google
2013-03-07 03:19:05 -------- d-----w- C:\Users\jen\AppData\Local\Apps
2013-03-07 03:19:04 -------- d-----w- C:\Users\jen\AppData\Local\Deployment
2013-03-07 02:59:50 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-03-07 02:59:50 -------- d-----w- C:\Program Files\Realtek
2013-03-07 02:57:21 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-03-07 02:57:21 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-03-07 02:57:21 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-03-07 02:57:21 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-03-07 02:51:33 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-03-07 02:51:33 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-03-07 02:51:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-03-07 02:51:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-03-07 02:51:32 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-03-07 02:51:32 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-03-07 02:51:04 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-03-07 02:51:04 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-03-07 02:51:03 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-03-07 02:51:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-03-07 02:51:03 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-03-07 02:51:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-03-07 02:51:03 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-03-07 02:50:05 704000 ----a-w- C:\Windows\System32\cohelper.dll
2013-03-07 02:50:05 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2013-03-07 02:49:41 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-03-07 02:49:41 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-03-07 02:49:41 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-03-07 02:49:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-03-07 02:49:41 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-03-07 02:44:53 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-03-07 02:43:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-07 02:33:53 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-03-07 02:33:53 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-03-07 02:33:53 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-03-07 02:33:53 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-03-07 02:33:53 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-03-07 02:33:53 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-03-07 02:33:29 77312 ----a-w- C:\Windows\System32\packager.dll
2013-03-07 02:33:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-03-07 02:30:25 -------- d-----w- C:\Users\jen\AppData\Local\vaughn06081975
2013-03-07 02:26:01 492297 ----a-w- C:\ProgramData\1362622579.bdinstall.bin
2013-03-07 02:24:04 -------- d-----w- C:\ProgramData\BDLogging
2013-03-07 02:23:58 511328 ----a-w- C:\Windows\capicom.dll
2013-03-07 02:23:57 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-03-07 02:23:56 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-03-07 02:23:38 -------- d-sh--w- C:\Windows\Installer
2013-03-07 02:12:36 328922 ----a-w- C:\ProgramData\1362621964.bdinstall.bin
2013-03-07 02:10:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-03-07 02:10:03 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-07 02:10:03 63336 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-07 02:10:03 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-07 02:10:03 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-07 02:10:03 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-07 02:10:03 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-07 02:09:50 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-07 02:09:50 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-07 02:09:28 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-03-07 02:09:22 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-03-07 02:06:29 -------- d-----w- C:\Users\jen\AppData\Roaming\QuickScan
2013-03-07 02:06:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-07 02:06:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-07 02:06:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-07 01:53:39 540192 ----a-w- C:\Windows\System32\nvuninst.exe
2013-03-07 01:47:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-07 01:29:52 -------- d-----w- C:\Windows\Panther
2013-02-20 20:34:58 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-02-20 20:34:56 204048 ------w- C:\Windows\System32\VBoxNetFltNobj.dll
.
==================== Find3M  ====================
.
2013-03-07 01:52:41 9728 ----a-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 11:39:07.95 ===============
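A triage script a defender could run on the Windows 7 machine described above to check the three symptoms the poster reports: files marked as blocked (the Zone.Identifier alternate data stream), permission entries that show only a raw SID, and the state of the Security Center service. It is an added example, not something posted in this thread and not part of DDS, ComboFix or any other tool named here; it assumes PowerShell 3.0 or later, an elevated prompt, and the folder paths are assumptions to adjust.

```powershell
# Added triage script; not from this thread or from any tool it names.
# Assumes PowerShell 3.0 or later (available for Windows 7 through the
# Windows Management Framework 3.0 update) and an elevated prompt. Run it
# from a normal boot rather than Safe Mode: Safe Mode starts only services
# registered under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot, so the
# service state seen there is not representative of a normal boot.

# Folders to inspect; assumed values, adjust to the profile in use
# (the DDS log above shows the profile C:\Users\jen).
$DownloadRoot = Join-Path $env:USERPROFILE 'Downloads'
$PictureRoot  = Join-Path $env:USERPROFILE 'Pictures'

# 1. Files carrying a Zone.Identifier alternate data stream. Browsers and mail
#    clients write this stream to files they save; Explorer then shows
#    "This file came from another computer and might be blocked". ZoneId=3
#    is the Internet zone, ZoneId=4 the Restricted Sites zone.
function Get-ZoneMarkedFiles {
    param([Parameter(Mandatory = $true)][string]$Root)

    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zone = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                                -ErrorAction SilentlyContinue
            if ($zone) {
                $zoneId = ($zone | Where-Object { $_ -match '^ZoneId=' }) -replace '^ZoneId=', ''
                [pscustomobject]@{
                    Path    = $_.FullName
                    ZoneId  = ($zoneId -join ';')
                    Written = $_.LastWriteTime
                }
            }
        }
}

# 2. Permission entries whose identity does not resolve to an account name.
#    Explorer shows these as "Unknown" plus a raw SID such as the S-1-0...
#    entries reported above. They usually belong to deleted accounts, another
#    Windows installation or a virtual machine, but unexpected ones on user
#    data deserve a look. Mcx1-<PC> is the Media Center Extender account.
function Get-UnresolvedAclEntries {
    param([Parameter(Mandatory = $true)][string]$Root)

    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { return }
            foreach ($ace in $acl.Access) {
                # When translation to DOMAIN\Name fails, the entry keeps its raw SID.
                if ($ace.IdentityReference.Value -match '^S-1-') {
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Sid       = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Type      = $ace.AccessControlType
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
}

# 3. State of the Security Center service (wscsvc), which the Action Center
#    and some antivirus products depend on. Its SafeBoot registration is
#    listed too, so a "disabled" message seen in Safe Mode can be told apart
#    from a real stop. StartMode 'Disabled' in a normal boot is the finding
#    worth chasing.
function Get-SecurityCenterState {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
    [pscustomobject]@{
        Name              = $svc.Name
        State             = $svc.State
        StartMode         = $svc.StartMode
        Path              = $svc.PathName
        InSafeBootNetwork = Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wscsvc'
    }
}

# Collect everything in one report object so it can be saved or posted.
function Invoke-Triage {
    [pscustomobject]@{
        SecurityCenter = Get-SecurityCenterState
        ZoneMarked     = @(Get-ZoneMarkedFiles -Root $DownloadRoot)
        UnresolvedAcl  = @(Get-UnresolvedAclEntries -Root $PictureRoot)
    }
}

$report = Invoke-Triage
$report.SecurityCenter | Format-List
$report.ZoneMarked     | Format-Table -AutoSize
$report.UnresolvedAcl  | Format-Table -AutoSize
```

The script only reads and reports; nothing is unblocked or changed, so the output can be handed to the helper alongside the logs they ask for.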
#2 nasdaq

  • Malware Response Team


Posted 25 March 2013 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please post the logs for my review. Let me know what problem persists.
