
Right click at anything brings up Windows Installer


  • This topic is locked
5 replies to this topic

#1 LadyContessa


Posted 17 April 2013 - 12:36 AM

I posted first in the "Am I infected? What do I do?" section and was advised to post here. I think it's okay if I just copy and paste the contents of my post here:

 

I already scanned my laptop using Avast! and no threat was found. I remember having this very same problem with my other laptop a long time ago and asked for help via an online forum. The guy who helped me had me run ComboFix and do some stuff, and it was fixed. Now, I'm not quite sure if I should still run ComboFix, since I know it's not safe to use it without proper knowledge. I don't know if I have given enough details, but the only thing I observed is that if I right-click on anything, the Windows Installer comes up and then tries to install something with a "Shredder".

Also, I would like to include here my other problem with my laptop. When my friend borrowed it and inserted his USB flash drive, the keys "5, 7, 9, -, and the bracket symbols" don't work anymore.

 

Here are my Attach.txt and DDS.txt results and thank you very much:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16470
Run by Acer at 13:15:29 on 2013-04-17
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2036.843 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Android Manager\iSync.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Updater\iUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\notepad.exe
C:\Program Files\GetRight\GetRight.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: GetRight IE Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [iSyncData] c:\program files\acer\android manager\iSync.exe
mRun: [AndroidManager] c:\program files\acer\android manager\AML.exe
mRun: [iPatchData] c:\program files\acer\updater\iUpdate.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A5586F96-F7AD-44FA-96B3-F709D4F8FDBC} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A5586F96-F7AD-44FA-96B3-F709D4F8FDBC}\26162736F6D616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A5586F96-F7AD-44FA-96B3-F709D4F8FDBC}\452554E444E65647635313 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{A5586F96-F7AD-44FA-96B3-F709D4F8FDBC}\74C6F62656662756567596649604D4941414 : DHCPNameServer = 10.0.8.1
TCP: Interfaces\{A5586F96-F7AD-44FA-96B3-F709D4F8FDBC}\86F6C616F52756374716572716E647 : DHCPNameServer = 124.106.7.2 124.106.4.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\snxn4ow1.default\
FF - prefs.js: network.proxy.http - 110.142.196.145
FF - prefs.js: network.proxy.http_port - 51004
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - ExtSQL: 2013-03-28 02:24; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\acer\appdata\roaming\mozilla\firefox\profiles\snxn4ow1.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: 2013-04-12 12:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-12 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-12 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-12 368176]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-5-12 19304]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-5-12 16744]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-5-12 62048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-12 66336]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-1-21 72864]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-12 45248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2011-5-12 352336]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-7-28 739944]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-5-12 13336]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2011-5-12 1755136]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2011-5-12 255376]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-5-12 260640]
R3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-12 164736]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-1-21 24736]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-5-12 252520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-12 327784]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-1-21 34976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-1-21 258720]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-1-21 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-1-21 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-1-21 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-1-21 241824]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\drivers\BthMtpEnum.sys [2009-7-14 51200]
S3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-9-28 172912]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-04-16 20:54:56	60872	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{2b31ef2e-5fd4-4b32-a1b6-cf054ec06e41}\offreg.dll
2013-04-16 20:44:38	7108640	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{2b31ef2e-5fd4-4b32-a1b6-cf054ec06e41}\mpengine.dll
2013-04-15 20:01:02	--------	d-----w-	c:\program files\CCleaner
2013-04-12 06:03:25	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-12 05:57:17	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-12 05:47:11	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-12 05:47:10	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-12 05:47:10	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-12 05:47:10	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-12 05:37:36	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-12 05:37:35	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-12 05:37:35	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-12 04:56:26	--------	d-----w-	c:\users\acer\appdata\local\Google
2013-04-12 04:56:19	60656	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-04-12 04:56:18	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-04-12 04:56:17	49248	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-04-12 04:56:17	164736	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-04-12 04:56:16	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-04-12 04:49:44	73503	----a-w-	c:\programdata\1365742134.bdinstall.bin
2013-04-12 04:45:41	43770	----a-w-	c:\programdata\1365741879.bdinstall.bin
2013-04-12 04:44:51	41664	----a-w-	c:\windows\avastSS.scr
2013-04-12 04:44:37	22733	----a-w-	c:\programdata\1365741865.bdinstall.bin
2013-04-12 04:44:01	--------	d-----w-	c:\program files\AVAST Software
2013-04-12 04:42:16	--------	d-----w-	c:\programdata\AVAST Software
2013-04-11 11:51:18	--------	dc----w-	c:\users\acer\appdata\local\MigWiz
2013-04-09 19:01:52	--------	d-----r-	c:\program files\Skype
2013-04-09 17:36:06	241629	----a-w-	c:\programdata\1365528379.bdinstall.bin
2013-04-09 17:00:28	19454	----a-w-	c:\programdata\1365526819.bdinstall.bin
2013-04-09 16:59:33	18150	----a-w-	c:\programdata\1365526763.bdinstall.bin
2013-04-09 16:58:53	19454	----a-w-	c:\programdata\1365525454.bdinstall.bin
2013-04-09 16:27:41	19454	----a-w-	c:\programdata\1365524833.bdinstall.bin
2013-04-09 16:26:47	19453	----a-w-	c:\programdata\1365524775.bdinstall.bin
2013-04-09 16:24:39	24264	----a-w-	c:\programdata\1365524009.2708.bin
2013-04-09 16:14:19	--------	d-----w-	c:\users\acer\appdata\roaming\QuickScan
2013-04-09 16:13:55	506	----a-w-	c:\programdata\1365524009.244.bin
2013-04-09 16:13:55	2326	----a-w-	c:\programdata\1365524009.2384.bin
2013-04-09 16:13:55	2264	----a-w-	c:\programdata\1365524009.2248.bin
2013-04-09 16:13:52	11408	----a-w-	c:\programdata\1365524009.3320.bin
2013-04-09 16:13:35	26078	----a-w-	c:\programdata\1365524009.2560.bin
2013-04-09 16:13:34	3472	----a-w-	c:\programdata\1365524009.2336.bin
2013-04-09 16:13:29	34733	----a-w-	c:\programdata\1365524009.1400.bin
2013-04-09 15:32:34	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-04-09 15:32:34	1159680	----a-w-	c:\windows\system32\crypt32.dll
2013-04-09 15:32:34	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-04-08 20:20:14	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-04-08 20:20:14	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-04-08 12:36:49	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2013-04-08 12:36:44	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2013-04-08 12:36:44	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2013-04-08 12:36:14	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2013-04-08 12:36:14	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2013-04-08 11:57:04	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-04-08 11:46:36	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-04-08 11:46:35	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-08 02:51:42	626688	----a-w-	c:\windows\system32\usp10.dll
2013-04-08 00:10:36	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-08 00:09:01	172544	----a-w-	c:\windows\system32\wintrust.dll
2013-04-07 23:53:44	376832	----a-w-	c:\windows\system32\dpnet.dll
2013-04-07 23:53:41	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-04-07 22:55:41	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-07 20:06:19	768000	----a-w-	c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-04-07 19:03:47	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-04-07 19:03:47	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-04-07 19:03:47	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-04-07 19:03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-04-07 19:03:20	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-04-07 19:03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-04-07 19:03:20	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-04-07 19:03:18	613888	----a-w-	c:\windows\system32\WUDFx.dll
2013-04-07 19:03:18	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-04-07 19:03:18	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2013-04-07 19:03:10	542208	----a-w-	c:\windows\system32\kerberos.dll
2013-04-07 18:54:05	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-04-07 18:53:31	78336	----a-w-	c:\windows\system32\synceng.dll
2013-04-07 18:52:24	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-04-07 18:20:19	2048	----a-w-	c:\windows\system32\tzres.dll
2013-04-07 15:07:08	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-04-05 07:03:31	--------	d-----w-	c:\users\acer\appdata\local\ElevatedDiagnostics
2013-04-05 06:57:06	--------	d-----w-	c:\users\acer\appdata\local\AVG SafeGuard toolbar
2013-04-05 06:56:54	--------	d-----w-	c:\users\acer\appdata\roaming\TuneUp Software
2013-04-05 06:56:45	--------	d-----w-	c:\program files\common files\AVG Secure Search
2013-04-05 06:56:38	--------	d-----w-	c:\programdata\AVG SafeGuard toolbar
2013-04-05 06:56:10	--------	d-----w-	c:\programdata\AVG2013
2013-03-30 13:06:01	--------	d-----w-	c:\users\acer\appdata\roaming\calibre
2013-03-30 13:05:42	--------	d-----w-	c:\program files\Calibre2
2013-03-29 20:16:15	--------	d-----w-	c:\programdata\YTD Video Downloader
2013-03-29 20:16:11	--------	d-----w-	c:\program files\GreenTree Applications
2013-03-28 20:33:34	--------	d-----w-	c:\programdata\SoftSafe
2013-03-28 20:33:06	--------	d-----w-	c:\programdata\InstallMate
2013-03-27 19:32:01	--------	d-----w-	C:\Downloads
2013-03-27 19:04:04	--------	d-----w-	c:\programdata\GetRight
2013-03-27 19:03:33	--------	d-----w-	c:\users\acer\appdata\roaming\GetRight
2013-03-27 19:03:24	--------	d-----w-	c:\program files\GetRight
2013-03-26 00:06:08	--------	d-----w-	c:\users\acer\appdata\local\MFAData
2013-03-26 00:06:08	--------	d-----w-	c:\users\acer\appdata\local\Avg2013
.
==================== Find3M  ====================
.
2013-04-17 04:30:11	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-17 04:30:11	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-11 17:10:56	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 04:48:31	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-02 03:38:35	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-02 03:30:32	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-02-02 03:26:47	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-02-02 03:23:28	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:17:07.43 ===============

 


 


#2 CStew23


Posted 21 April 2013 - 06:53 PM

Hello and Welcome to BleepingComputer Forums!
 
My name is Chris and I will be helping you with your computer problems.
 
Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
  • Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • If you stay with me, follow my instructions and ask questions when confused you'll be back up and running in no time
    With that out of the way, please allow me some time to come up with an initial fix from the logs you've provided

    Please don't send help requests via PM, unless I am already helping you. Use the forums!
    If you have not heard from me in 48 hours please use this and send me a PM reminder.

    #3 LadyContessa


    Posted 24 April 2013 - 01:05 PM

    Thanks Chris ^^v



    #4 CStew23


    Posted 24 April 2013 - 08:02 PM

    Hi,
     
    Sorry for the delay. Do you have MyWinLocker installed? See - http://www.egistec.com/products/mywinlocker-3-plus.html
     
     
    Are you able to uninstall the software from Add/Remove Programs?
     
    I'd like to do a malware scan on your machine just for good measure:

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

    #5 CStew23


    Posted 29 April 2013 - 06:26 PM

    Hi,

    Are you still with us?

    #6 etavares


    Posted 02 May 2013 - 08:07 PM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
