
Puter/Browser is 'Hijacked' Cursor Does Not Appear...

This is a discussion on Puter/Browser is 'Hijacked' Cursor Does Not Appear... within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


11-01-2011, 07:26 PM   #1
Registered Member
 
Join Date: Oct 2011
Posts: 43
OS: Windows 7



...and cannot move down page for frames of ten seconds at a time. It was suggested in my post I had a virus after I posted a toolbar app log, then a rep at a computer store said the same when I said I "tried" using Microsoft Security but got tons of pop-ups.

Thanks most gratefully, Eric

1. DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Eric at 22:14:10 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4659 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-tyc8
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{73081B24-3EC4-44C7-9D4E-AEF1628B5A02} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO-X64: SpywareGuard Download Protection - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: SpywareGuard.Handler: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-28 01:01:34 -------- d-----w- C:\ProgramData\Farm Frenzy
2011-10-26 10:57:37 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-26 10:56:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-26 10:51:10 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE792FC8-7538-429C-8707-0E7D641EEE5B}\mpengine.dll
2011-10-26 10:15:43 2540688 ----a-w- C:\Program Files\AVG 2012 Removal Tool.exe
2011-10-26 08:25:16 -------- d-----w- C:\Users\Eric\AppData\Local\StickyNotes
2011-10-26 08:24:33 -------- d-----w- C:\Program Files\StickyNotes
2011-10-26 07:32:44 3900592 ----a-w- C:\Program Files\AVG Free 2012 Install File.exe
2011-10-23 12:50:24 -------- d-----w- C:\Program Files\Toolbarcop
2011-10-20 1858 -------- d-----w- C:\Program Files\Speccy
2011-10-19 18:36:58 -------- d-----w- C:\Program Files (x86)\Shareaza
2011-10-19 18:14:29 -------- d-----w- C:\ProgramData\Recovery
2011-10-19 18:09:52 -------- d-----w- C:\Users\Eric\AppData\Local\Shareaza
2011-10-19 18:09:44 -------- d-----w- C:\Users\Eric\AppData\Roaming\Shareaza
2011-10-19 18:05:04 -------- d-----w- C:\Users\Eric\AppData\Local\PackageAware
2011-10-19 18:03:07 -------- d-----w- C:\ProgramData\Premium
2011-10-19 18:03:06 -------- d-----w- C:\ProgramData\InstallMate
2011-10-18 10:51:53 -------- d-----w- C:\Program Files\iTunes
2011-10-18 10:51:53 -------- d-----w- C:\Program Files\iPod
2011-10-18 10:51:53 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-18 10:50:03 -------- d-----w- C:\Program Files\Bonjour
2011-10-18 10:50:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-14 06:50:55 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-14 06:50:46 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-14 06:50:43 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-14 06:50:39 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-13 13:18:40 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 13:18:26 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 13:18:26 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 13:18:26 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 13:18:26 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 13:17:51 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 13:17:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 13:17:51 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 13:17:51 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 12:56:03 -------- d-----w- C:\Program Files\Microsoft
2011-10-11 04:34:14 -------- d-----w- C:\Program Files (x86)\Coupons
2011-10-11 04:25:46 -------- d-----w- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2011-10-11 04:19:37 129007072 ----a-w- C:\Program Files\HP C4680 FULL Drivers and Software.exe
2011-10-09 01:15:22 -------- d-----w- C:\Users\Eric\AppData\Roaming\iWin
2011-10-09 00:56:39 -------- d-----w- C:\Users\Eric\AppData\Local\Microsoft Games
2011-10-09 00:38:54 -------- d-----w- C:\Program Files (x86)\Common Files\HOMEPAGE PROTECTION
2011-10-08 23:54:07 -------- d-----w- C:\ProgramData\SpinTop Games
2011-10-08 21:37:06 -------- d-----w- C:\Program Files (x86)\JetAudio
2011-10-08 21:37:06 -------- d-----w- C:\Program Files (x86)\Common Files\COWON
2011-10-08 21:33:32 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2011-10-08 09:30:56 -------- d-----w- C:\Users\Eric\AppData\Local\Evernote
2011-10-08 09:30:49 -------- d-----w- C:\Program Files (x86)\Evernote
2011-10-08 09:21:29 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2011-10-08 09:20:18 -------- d-----w- C:\Program Files (x86)\Common Files\L&H
2011-10-08 08:45:05 -------- d-----w- C:\Users\Eric\AppData\Roaming\COWON
2011-10-08 08:23:34 -------- d-----w- C:\Users\Eric\AppData\Local\Western Digital
2011-10-08 08:22:47 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-10-08 08:22:47 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-10-08 08:22:46 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-10-08 08:22:11 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-08 08:21:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-08 07:50:26 -------- d-----w- C:\Users\Eric\AppData\Local\Apps
2011-10-08 05:59:55 -------- d-----w- C:\Windows\System32\SPReview
2011-10-08 05:59:00 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-08 05:52:59 584192 ----a-w- C:\Windows\System32\ipsmsnap.dll
2011-10-08 05:51:59 856576 ----a-w- C:\Windows\SysWow64\FirewallControlPanel.dll
2011-10-08 05:50:59 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-10-08 05:50:59 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-10-08 05:50:50 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2011-10-08 05:50:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-10-08 05:50:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-10-08 05:50:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-10-08 05:47:56 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-10-08 05:47:56 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-10-08 05:47:40 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-10-08 05:46:12 -------- d-----w- C:\Users\Eric\AppData\Local\VS Revo Group
2011-10-08 04:32:03 -------- d-----w- C:\Users\Eric\AppData\Local\Yahoo
2011-10-08 04:12:11 -------- d-----w- C:\Users\Eric\AppData\Roaming\MSNInstaller
2011-10-08 04:08:45 -------- d-----w- C:\Users\Eric\AppData\Roaming\hpqLog
2011-10-08 04:08:07 -------- d-----w- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-10-08 03:53:09 3584 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-10-08 03:53:09 -------- d-----w- C:\Program Files (x86)\Windows Installer Clean Up
2011-10-08 03:52:16 -------- d-----w- C:\Program Files (x86)\MSECACHE
2011-10-08 03:43:40 -------- d-----r- C:\Program Files (x86)\Skype
2011-10-08 03:40:58 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-10-08 03:35:41 -------- d-----w- C:\Users\Eric\To Be Added To Eric's MyTouch 4G
2011-10-08 03:35:27 -------- d-----w- C:\Users\Eric\To Be Added To Eric's iPod
2011-10-08 03:35:21 -------- d-sh--w- C:\Windows\Installer
2011-10-08 03:35:17 -------- d-----w- C:\Users\Eric\To Be Added To Norbert's 4G
2011-10-08 03:33:03 -------- d-----w- C:\Users\Eric\My Recipes
2011-10-08 03:30:26 -------- d-----w- C:\Users\Eric\My Current Listening Music
2011-10-08 03:30:14 -------- d-----w- C:\Users\Eric\My Contacts (.csv and .vcf files)
2011-10-08 03:30:07 -------- d-----w- C:\Users\Eric\My Comedy
2011-10-08 03:28:54 -------- d---a-w- C:\Users\Eric\Downloads (Music, Videos, Etc.)
2011-10-08 03:28:41 -------- d-----w- C:\Users\Eric\Android Phone Ringtones, Wallpapers, etc
2011-10-08 03:26:43 -------- d-----w- C:\Program Files (x86)\WildGames
2011-10-08 03:21:32 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2011-10-08 03:15:35 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2011-10-08 03:13:59 -------- d-----w- C:\Windows\pss
2011-10-08 03:07:25 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-08 03:07:22 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-08 03:07:21 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-08 03:07:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-08 0323 -------- d-----w- C:\Program Files (x86)\CleanUp!
2011-10-08 03:05:46 -------- d-----w- C:\Program Files\CCleaner
2011-10-08 03:04:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-08 03:04:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-08 03:01:24 50688 ----a-w- C:\Program Files\ATF-Cleaner.exe
2011-10-08 02:32:43 704000 ----a-w- C:\Windows\System32\cohelper.dll
2011-10-08 02:32:43 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-10-08 02:29:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-10-08 02:29:03 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-10-08 02:29:02 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-10-08 02:29:02 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-10-08 02:29:02 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-10-08 01:58:56 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-10-08 01:36:13 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-08 01:36:13 -------- d-----w- C:\Windows\System32\Wat
2011-10-08 00:42:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-10-07 22:51:52 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-10-07 22:51:52 1071088 ----a-w- C:\Windows\System32\MSCOMCTL.OCX
2011-10-07 22:51:29 -------- d-----w- C:\Program Files (x86)\SpywareGuard
2011-10-07 22:24:56 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-10-07 22:24:55 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-10-07 22:24:55 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-10-07 22:24:55 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-10-07 22:24:55 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-10-07 22:24:54 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-10-07 22:24:53 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-07 22:16:59 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-10-07 22:15:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 2250 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-07 22:05:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-07 21:41:14 -------- d-----w- C:\Users\Eric\AppData\Local\LogiShrd
2011-10-07 21:40:11 53248 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-07 21:39:25 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-10-07 21:35:43 -------- d-----w- C:\Users\Eric\Logitech
2011-10-07 21:34:40 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control Software Common
2011-10-07 21:33:56 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2011-10-07 21:16:58 -------- d-----w- C:\ProgramData\WEBREG
2011-10-07 21:16:10 254464 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp083.dll
2011-10-07 21:09:45 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-10-07 21:09:42 -------- d-----w- C:\ProgramData\HP Photo Creations
2011-10-07 21:09:42 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2011-10-07 21:08:57 -------- d-----w- C:\Users\Eric\AppData\Roaming\HpUpdate
2011-10-07 2141 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-10-07 2136 660 ----a-w- C:\Program Files (x86)\InstallTakeOwnership.reg
2011-10-07 2136 274 ----a-w- C:\Program Files (x86)\IE9 Icon Size Toggle - Small.reg
2011-10-07 2136 274 ----a-w- C:\Program Files (x86)\IE9 Icon Size Toggle - Large.reg
2011-10-07 2136 250 ----a-w- C:\Program Files (x86)\RemoveTakeOwnership.reg
2011-10-07 2123 660 ----a-w- C:\Program Files\InstallTakeOwnership.reg
2011-10-07 2123 274 ----a-w- C:\Program Files\IE9 Icon Size Toggle - Small.reg
2011-10-07 2123 274 ----a-w- C:\Program Files\IE9 Icon Size Toggle - Large.reg
2011-10-07 2123 250 ----a-w- C:\Program Files\RemoveTakeOwnership.reg
2011-10-07 21:05:52 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-10-07 21:05:29 134144 ----a-w- C:\Windows\System32\hpf3l083.dll
2011-10-07 21:03:49 966656 ----a-w- C:\Windows\System32\hposwia_p02b.dll
2011-10-07 21:03:49 512512 ----a-w- C:\Windows\System32\hposc_p02a.dll
2011-10-07 21:03:49 362328 ----a-w- C:\Windows\System32\HPZIDS40.dll
2011-10-07 21:03:49 1411584 ----a-w- C:\Windows\System32\hpost_p02b.dll
2011-10-07 20:57:34 -------- d-----w- C:\Users\Eric\AppData\Roaming\AVG2012
2011-10-07 20:57:01 -------- d-----w- C:\Windows\System32\drivers\NISX64\1007000.01E
2011-10-07 20:57:01 -------- d-----w- C:\Windows\System32\drivers\NISX64
2011-10-07 20:56:29 -------- d-----w- C:\ProgramData\AVG2012
2011-10-07 20:55:15 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-07 20:47:57 -------- d--h--w- C:\ProgramData\Common Files
2011-10-07 20:47:44 -------- d-----w- C:\ProgramData\MFAData
2011-10-07 20:43:55 -------- d-----w- C:\Users\Eric\AppData\Local\Google
2011-10-07 20:41:32 -------- d-----w- C:\Users\Eric\AppData\Roaming\PictureMover
2011-10-07 20:41:08 -------- d-----w- C:\Users\Eric\AppData\Local\VirtualStore
2011-10-07 20:40:59 -------- d-----w- C:\Users\Eric\AppData\Local\Hewlett-Packard_Company
2011-10-07 17:35:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-07 17:35:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-10-07 17:33:58 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-10-07 17:32:56 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-10-07 17:31:48 605552 ----a-w- C:\Windows\System32\winload.exe
2011-10-07 17:27:26 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-07 17:27:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-07 17:27:24 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-07 17:21:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-07 17:20:23 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-07 17:03:53 -------- d-----w- C:\Users\Eric\AppData\Local\Hewlett-Packard
2011-10-07 17:03:00 -------- d-----w- C:\Users\Eric\AppData\Roaming\HP TCS
.
==================== Find3M ====================
.
2011-10-08 0654 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-08 0654 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-08 00:42:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-19 09:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 09:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 09:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 09:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 09:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 09:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 09:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-12 16:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 22:14:39.34 ===============


2. Attach.txt is attached

3. I do have access to a boot CD I made when I got the computer and a system restore disk with the system image. Not that I know how to use them.

Again, much thanks. I DO KNOW you don't have to do this.
Eric
Attached: Attach.zip (2.6 KB)

eric0668
Old 11-02-2011, 07:39 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When asked to download latest Avast! virus definitions, please choose No
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 11-02-2011, 06:49 PM   #3
eric0668 (Registered Member)

Thanks for your continued help.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-02 21:45:49
-----------------------------
21:45:49.223 OS Version: Windows x64 6.1.7601 Service Pack 1
21:45:49.223 Number of processors: 4 586 0x502
21:45:49.224 ComputerName: ERIC-PC UserName: Eric
21:45:51.060 Initialize success
21:46:02.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
21:46:02.139 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:46:04.290 Disk 0 MBR read successfully
21:46:04.290 Disk 0 MBR scan
21:46:04.290 Disk 0 unknown MBR code
21:46:04.290 Service scanning
21:46:06.281 Modules scanning
21:46:06.281 Disk 0 trace - called modules:
21:46:06.301 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:46:06.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007390060]
21:46:06.311 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80070d47a0]
21:46:06.311 5 ACPI.sys[fffff88000ea17a1] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80070d4060]
21:46:06.321 Scan finished successfully
21:46:35.125 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
21:46:35.155 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"
Old 11-02-2011, 07:05 PM   #4
chemist (Security Team, Moderator, Analyst)

Hello Eric.

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download TDSSKiller.exe and Save it to your Desktop.

Double-click TDSSKiller.exe then click 'Start scan'.

If no infection is found, click 'Close' twice and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.6.14.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
Old 11-02-2011, 07:15 PM   #5
eric0668 (Registered Member)

Thank You Chemist

It says no threats
Old 11-02-2011, 07:48 PM   #6
chemist (Security Team, Moderator, Analyst)

Hello again, Eric. You're welcome. Still not seeing anything.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
Old 11-02-2011, 07:57 PM   #7
eric0668 (Registered Member)

Thank You. If I break a rule by asking how to do this please forgive me and delete this if you are a mod. Kevin, from Greyknight17, used to use HijackThis and CWShredder, but I don't know how to use them. Do I use them? And fwiw, AVG, SpywareGuard, Spybot and Malwarebytes have found nothing, but my mouse/cursor still lags majorly behind. Thanks again
Eric
Old 11-03-2011, 06:40 AM   #8
chemist (Security Team, Moderator, Analyst)

You're welcome. HJT and CWShredder are older tools we used to use. ComboFix does the same and more. Please follow my last instructions.
Old 11-03-2011, 03:08 PM   #9
eric0668 (Registered Member)

I may have made a mistake, I hope not. It is 134,000+ characters and would not take it. I did as above, put in a note file with extension .txt, then compressed it. Is that ok?
Attached Files
File Type: zip ComboFix.zip (14.5 KB, 4 views)
Old 11-03-2011, 06:00 PM   #10
chemist (Security Team, Moderator, Analyst)

Hello again, Eric. I'm afraid ComboFix didn't find anything. Any change in behavior? We'll do an online scan to check for remnants.

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts and Family Safety > User Accounts > Change User Account settings and set it back to Default.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files (x86)\Coupons

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

ESET report
report on system behavior
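The UAC finding above (the slider turned all the way off, which malware is known to do) can be verified from the registry instead of by clicking through Control Panel. The following PowerShell is an added example written for this page; it is not part of the thread, of ComboFix, or of any tool chemist names. It reads the policy values that the "Change User Account Control settings" slider writes and reports whether UAC is on, and only when run with a `-Restore` switch (my own parameter name) puts the three values back to the Windows 7 "Default" slider position. The registry path and value names are the standard ones Windows uses; changing them requires an elevated prompt, and a change to EnableLUA only takes effect after a reboot.

```powershell
# Added example (not from the thread): report the UAC state behind the
# Control Panel slider, and optionally restore the Windows 7 default.
param([switch]$Restore)   # -Restore is this example's own switch

$path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$props = Get-ItemProperty -Path $path

# EnableLUA = 0 means UAC is entirely off ("Never notify" after a reboot).
# ConsentPromptBehaviorAdmin = 0 means admins are elevated silently.
$enableLua = [int]$props.EnableLUA
$consent   = [int]$props.ConsentPromptBehaviorAdmin
$secureDt  = [int]$props.PromptOnSecureDesktop

if ($enableLua -ne 1)  { $status = 'UAC DISABLED' }
elseif ($consent -eq 0) { $status = 'UAC on, but admins elevate silently' }
else                    { $status = 'UAC enabled' }

[pscustomobject]@{
    EnableLUA                  = $enableLua
    ConsentPromptBehaviorAdmin = $consent
    PromptOnSecureDesktop      = $secureDt
    Status                     = $status
} | Format-List

if ($Restore) {
    # Windows 7 "Default" position: UAC on, prompt admins for consent on
    # non-Windows binaries (5), prompts shown on the secure desktop (1).
    # Run from an elevated PowerShell; reboot afterwards for EnableLUA.
    Set-ItemProperty -Path $path -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $path -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
    Set-ItemProperty -Path $path -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Write-Output 'UAC policy restored to default; reboot to apply EnableLUA.'
}
```

Running it without `-Restore` is read-only and safe on any Windows 7 or later system; a report of `EnableLUA 0` matches what chemist saw in the ComboFix log and is worth noting in an incident timeline, since the user should be asked whether they turned it off themselves.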
Old 11-04-2011, 09:29 PM   #11
eric0668 (Registered Member)

Hopefully this will help the fix

thanks
Attached Files
File Type: txt threats.txt (386 Bytes, 4 views)
Old 11-05-2011, 12:59 PM   #12
chemist (Security Team, Moderator, Analyst)

Hello again, Eric. I'm afraid those finds alone won't account for the problems you are experiencing.

You may have to seek help in one of our other forums.

------------------------------------------------------

Your Backup files 16.zip file likely contains a Java exploit. I'll leave it up to you whether to delete or not.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\Eric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\70941ee3-41c13337"
"K:\Eric's Personal Backup - Last Done July 9, 2011\Music\Keri Hilson - In A Perfect World\Keri Hilson - Slow you Down.wma"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

See if running this tool helps:

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe then choose 'Run as administrator' and click 'Start'.
  • Your desktop will disappear, this is normal, it will return.
  • If prompted, click "Yes" to reboot.
------------------------------------------------------
Old 11-05-2011, 01:51 PM   #13
eric0668 (Registered Member)

Thank You Chemist. Wow, you are more than generous with your time. Very Selfless

When you said ... still doesn't find the problem I am having... what was found is "something" though, right? If you don't see anything, very qualified you seem, why would posting on another forum help, and which one? The problem seems tolerable at times. I will keep with you and when we are done, I will tolerate it if it exists, then do that.

So you said, it is up to me. I trust you, and let this post be a "you are not liable" from me. Tell me what you would do and what I should delete

I ran the batch file, and it said "deleted successfully, press any key to continue"

I ran the second program and it cleaned 40 mb.
Old 11-05-2011, 02:34 PM   #14
chemist (Security Team, Moderator, Analyst)

Hello again, Eric. You're very welcome!

I would delete the zip file. You can always make another backup since it appears you are clean.

I was going to suggest the Internet Explorer Forum

------------------------------------------------------

There are still a couple things we can try.

Download and install Firefox:

Mozilla Firefox Web Browser

Do you experience the same problems in FF?

------------------------------------------------------

If FF does not give you the same problems, we know it lies with IE9.

You can uninstall IE9, then re-install it.

Download IE9 for Win7 installer from here and save it to your desktop:

http://go.microsoft.com/fwlink/?LinkId=210143

------------------------------------------------------

Follow the instructions here for uninstalling IE9:

Internet Explorer 9 - Uninstall - Windows 7 Forums

Now re-install IE9 using the installer you downloaded earlier. Any joy?

------------------------------------------------------
Old 11-05-2011, 03:12 PM   #15
eric0668 (Registered Member)

I will keep on thanking you, as you keep on helping me :)

I will do the Firefox thing....as a test, as I don't care for Firefox, even though it is supposed to be more secure. Although on one forum, I heard they let Firefox slip the past couple of years. True?

And I will also uninstall/reinstall and do the other things and repost

I am posting now to ask exactly what zip? Thanks
Quote:
Originally Posted by chemist
Hello again, Eric. You're very welcome!

I would delete the zip file. You can always make another backup since it appears you are clean.
Old 11-05-2011, 05:29 PM   #16
chemist (Security Team, Moderator, Analyst)

Quote:
I am posting now to ask exactly what zip?
The K:\ERIC-PC\Backup Set 2011-11-02 030000\Backup Files 2011-11-02 030000\Backup files 16.zip file ESET detected.
Old 11-05-2011, 05:50 PM   #17
eric0668 (Registered Member)

Chemist, isn't that my monthly PC backup? Should I delete that? Or maybe u r saying there could be a virus in that backup that was since eradicated. So delete and rerun a backup?

I know in this forum it isn't for other folk to PM mods? Or PM anyone? For help at least? But for other things it is OK? And also if u post and ask ahead of time.
With that, can I PM u? Maybe, I think u would know, u could help me with some Android ??'s

Or maybe look at my posts in the mobile section. Thank you. My name is Eric. If not too invasive may I ask ur name, the name of a person giving me a ton of time?

Thanks
Eric
Old 11-05-2011, 07:27 PM   #18
chemist (Security Team, Moderator, Analyst)

Hello again, Eric. You can go ahead and delete that backup zip file, and create another once we are done.

We don't offer help via PM, but you can PM me. Not really keen on giving my name though.

Sorry, but I have no experience with Androids.

Have you followed the other instructions in my next-to-last post?
Old 11-09-2011, 10:07 AM   #19
chemist (Security Team, Moderator, Analyst)

Still with us, eric0668? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
Old 11-09-2011, 10:13 AM   #20
eric0668 (Registered Member)

I am still here chemist. Don't leave lol. But on a serious note, I may be done here. While it may have been the browser (FF was fine), all of my programs' icons and/or the icons became corrupt. I just did a factory reset. Not sure if u could have helped at that point but you did help a lot. Thank u. If u want to leave it open in case I have any problems with that, feel free ;-)

Take care
