
Thread: Think someone gained access to my PC

  1. #1
    Member (Join Date: Oct 2009, Posts: 65)

    Think someone gained access to my PC

    I'm afraid someone gained access to my laptop while I was away from home. I'd like to make sure no keyloggers or spyware or other such nastiness was installed.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by TheEarl at 18:11:43.37 on Wed 05/26/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.2643 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\Mozy\mozybackup.exe
    C:\Program Files (x86)\Mozy\mozybackup.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\TheEarl\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Mozy\mozystat.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Windows\OEM13Mon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TheEarl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\TheEarl\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\theearl\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [googletalk] c:\users\theearl\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
    mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
    mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
    mRun: [DNS7reminder] "c:\program files (x86)\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
    mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\theearl\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files (x86)\mozy\mozystat.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    AppInit_DLLs-X64: avgrssta.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\theearl\appdata\roaming\mozilla\firefox\profiles\dzn17kf0.default\
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\theearl\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\users\theearl\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\theearl\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 DLACDBHE;DLACDBHE;c:\windows\system32\drivers\DLACDBHE.SYS [2010-1-16 17776]
    R0 DRVECDB;DRVECDB;c:\windows\system32\drivers\DRVECDB.SYS [2010-1-16 124112]
    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-1-16 55024]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-8 269320]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-8 35464]
    R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-8 317520]
    R1 DLARTL_E;DLARTL_E;c:\windows\system32\drivers\DLARTL_E.SYS [2010-1-16 41072]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-12 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
    R2 DLABMFSE;DLABMFSE;c:\windows\system32\drivers\DLABMFSE.SYS [2010-1-16 46448]
    R2 DLABOIOE;DLABOIOE;c:\windows\system32\drivers\DLABOIOE.SYS [2010-1-16 42352]
    R2 DLADResE;DLADResE;c:\windows\system32\drivers\DLADResE.SYS [2010-1-16 9968]
    R2 DLAIFS_E;DLAIFS_E;c:\windows\system32\drivers\DLAIFS_E.SYS [2010-1-16 146672]
    R2 DLAOPIOE;DLAOPIOE;c:\windows\system32\drivers\DLAOPIOE.SYS [2010-1-16 35056]
    R2 DLAPoolE;DLAPoolE;c:\windows\system32\drivers\DLAPoolE.SYS [2010-1-16 19824]
    R2 DLAUDF_E;DLAUDF_E;c:\windows\system32\drivers\DLAUDF_E.SYS [2010-1-16 144112]
    R2 DLAUDFAE;DLAUDFAE;c:\windows\system32\drivers\DLAUDFAE.SYS [2010-1-16 135152]
    R2 DRVEDDM;DRVEDDM;c:\windows\system32\drivers\DRVEDDM.SYS [2010-1-16 63984]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 12288]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 267296]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736]

    =============== Created Last 30 ================

    2010-05-27 00:28:16 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-05-27 00:28:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-13 21:21:47 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2010-05-13 21:21:47 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
    2010-05-11 15:06:24 0 d-----w- c:\program files (x86)\Audible
    2010-05-01 06:40:00 0 d-----w- c:\programdata\Sun
    2010-05-01 06:39:04 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-05-01 06:39:04 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-05-01 06:04:15 0 d-sh--w- c:\programdata\SecuROM
    2010-05-01 06:02:30 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
    2010-05-01 06:02:17 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
    2010-05-01 06:02:17 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
    2010-05-01 06:01:49 0 d-----w- c:\windows\syswow64\xlive
    2010-05-01 06:01:49 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2010-04-30 02:12:55 733320 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
    2010-04-28 19:11:41 96768 ----a-w- c:\windows\syswow64\sspicli.dll
    2010-04-28 19:11:41 22016 ----a-w- c:\windows\syswow64\secur32.dll
    2010-04-28 19:11:41 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-04-28 19:11:41 1446912 ----a-w- c:\windows\system32\lsasrv.dll
    2010-04-28 19:11:41 12867072 ----a-w- c:\windows\syswow64\shell32.dll

    ==================== Find3M ====================

    2010-05-27 00:58:23 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
    2010-05-27 00:58:23 17920 ----a-w- c:\windows\syswow64\rpcnetp.dll
    2010-05-27 00:57:20 17920 ----a-w- c:\windows\syswow64\rpcnetp.exe
    2010-05-27 00:57:20 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-05-22 18:03:54 13160 ----a-w- c:\windows\syswow64\Upgrd.exe
    2010-05-22 18:03:48 57752 ------w- c:\windows\syswow64\rpcnet.exe
    2010-05-06 00:26:14 1475 ----a-w- c:\users\theearl\appdata\roaming\SAS7_000.DAT
    2010-04-24 21:51:17 98304 ----a-w- c:\windows\W2BNEUnin.exe
    2010-04-24 21:51:17 2829 ----a-w- c:\windows\W2BNEUnin.pif
    2010-04-24 21:51:17 20298 ----a-w- c:\windows\W2BNEUnin.dat
    2010-04-21 17:45:26 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2010-03-18 05:25:39 86528 ----a-w- c:\windows\bnetunin.exe
    2010-03-18 05:25:39 61440 ----a-w- c:\windows\diabunin.exe
    2010-03-14 06:55:37 26884 ----a-w- c:\windows\fonts\MOVIPI_.TTF
    2010-03-14 06:55:37 26604 ----a-w- c:\windows\fonts\MOVIPBI.TTF
    2010-03-14 06:55:37 26456 ----a-w- c:\windows\fonts\Movipci.ttf
    2010-03-14 06:55:37 26168 ----a-w- c:\windows\fonts\Movipcbi.ttf
    2010-03-14 06:55:37 22428 ----a-w- c:\windows\fonts\MOVIPRG.TTF
    2010-03-14 06:55:37 22388 ----a-w- c:\windows\fonts\Movipcrg.ttf
    2010-03-14 06:55:37 22240 ----a-w- c:\windows\fonts\MOVIPB_.TTF
    2010-03-14 06:55:37 22124 ----a-w- c:\windows\fonts\Movipcb.ttf
    2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed_0.ttf
    2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed.ttf
    2010-03-14 06:35:43 24472 ----a-w- c:\windows\fonts\SF Movie Poster Condensed.ttf
    2010-03-14 06:35:43 24364 ----a-w- c:\windows\fonts\SF Movie Poster Oblique.ttf
    2010-03-14 06:35:43 24128 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Oblique.ttf
    2010-03-14 06:35:43 23852 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold.ttf
    2010-03-14 06:35:43 23780 ----a-w- c:\windows\fonts\SF Movie Poster Bold.ttf
    2010-03-14 06:35:43 23716 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold Oblique.ttf
    2010-03-14 06:35:43 23684 ----a-w- c:\windows\fonts\SF Movie Poster Bold Oblique.ttf
    2010-03-12 15:43:13 12976 ----a-w- c:\windows\system32\avgrssta.dll
    2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
    2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-01-17 05:47:27 66936 --sha-w- c:\windows\dlinfo_0.drv
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-01-26 17:31:30 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-01-26 17:31:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 18:12:43.86 ===============
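A first-pass triage of a log like the one above is mostly about where things run from: a process or autorun launched out of a user profile (AppData, Temp), an autorun pointing at a file that no longer exists, or an AppInit_DLLs entry (which loads into every process) is what a reviewer checks first when the worry is a keylogger or spyware. The script below is an added example, not part of this thread and not DDS's own code: it splits a DDS-style log into its "====" sections, walks the Running Processes and pseudo-HJT autorun lines, and reports entries matching those heuristics. The sample log embedded in it is constructed to resemble DDS output (the user name, paths and GUID are invented), and the section names and line formats it expects are assumed from the log format shown above.

```python
"""Triage helper for a DDS-style log (added example; assumes the section
headers and autorun line formats seen in DDS output, constructed sample below)."""

import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Name ===="
ENTRY_RE = re.compile(r"^([A-Za-z0-9_-]+): (.*)$")        # "uRun: [..] path"
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|scr|pif|sys))", re.IGNORECASE)
# Locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata|temp|programdata)\\", re.IGNORECASE)
# Well-known system binary names; a copy outside \Windows deserves a look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
AUTORUN_KINDS = {"uRun", "mRun", "uRun-x64", "mRun-x64", "StartupFolder",
                 "BHO", "BHO-X64", "SEH", "Handler", "AppInit_DLLs", "AppInit_DLLs-X64"}

# Constructed sample in DDS layout (invented user, paths and GUID).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\ExampleAV\avtray.exe
C:\Users\alice\AppData\Roaming\Example Chat\chat.exe
C:\Users\alice\AppData\Local\Temp\svchost.exe

============== Pseudo HJT Report ===============

uStart Page = https://example.invalid/
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\program files (x86)\example\helper.dll
BHO: Orphaned Filter - No File
uRun: [Example Chat] c:\users\alice\appdata\roaming\example chat\chat.exe /autostart
mRun: [Example AV Tray] "c:\program files (x86)\exampleav\avtray.exe"
StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\updater.lnk - c:\users\alice\appdata\local\temp\updater.exe
AppInit_DLLs-X64: example_hook.dll

============= FINISH: 12:00:00.00 ===============
"""


@dataclass
class Finding:
    section: str   # log section or autorun kind the entry came from
    entry: str     # the original log line
    reasons: list  # why it was flagged


def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_path(path):
    """Path-based heuristics shared by process and autorun entries."""
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("runs from a user-writable location")
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES and "\\windows\\" not in path.lower():
        reasons.append("system binary name outside \\Windows")
    return reasons


def extract_target(kind, rest):
    """Pull the executable/DLL an autorun line actually launches."""
    if kind in ("BHO", "BHO-X64", "SEH", "Handler", "StartupFolder"):
        tail = rest.rsplit(" - ", 1)[-1]      # "...{guid} - path" / ".lnk - target"
    else:
        tail = rest.split("] ", 1)[-1]         # '[Name] "path" args'
    tail = tail.strip().strip('"')
    m = PATH_RE.search(tail)
    return m.group(1) if m else tail


def triage(log_text):
    """Return the entries a reviewer should look at first, in log order."""
    sections = split_sections(log_text)
    findings = []
    for line in sections.get("Running Processes", []):
        m = PATH_RE.search(line)
        reasons = check_path(m.group(1) if m else line)
        if reasons:
            findings.append(Finding("Running Processes", line, reasons))
    for line in sections.get("Pseudo HJT Report", []):
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in AUTORUN_KINDS:
            continue
        kind, rest = m.groups()
        if kind.startswith("AppInit_DLLs"):
            findings.append(Finding(kind, line, ["AppInit_DLLs entry loads into every process; verify the DLL's origin"]))
            continue
        target = extract_target(kind, rest)
        if target.lower() == "no file":
            reasons = ["autorun points at a missing file (orphaned entry)"]
        else:
            reasons = check_path(target)
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}\n    -> {'; '.join(f.reasons)}")
```

A hit from this script is a starting point, not a verdict: plenty of legitimate software (chat clients, updaters, game launchers) installs into AppData, so each flagged path still needs its publisher and hash checked before anything is removed.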

  2. #2
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    hi TheEarl,

    "gained access to my laptop"

    You mean physically or remotely?

    Your log is a few days old. If you still need help simply reply to my post.
    How Can I Reduce My Risk?

  3. #3
    Member (Join Date: Oct 2009, Posts: 65)

    Quote, originally posted by shelf life:
        hi TheEarl,

        "gained access to my laptop"

        You mean physically or remotely?

        Your log is a few days old. If you still need help simply reply to my post.

    Physically.

  4. #4
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Let's get a look for potential nasties with Malwarebytes. Link and directions:

    Please download Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.

  5. #5
    Member (Join Date: Oct 2009, Posts: 65)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4172

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/6/2010 7:59:17 AM
    mbam-log-2010-06-06 (07-59-17).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 361354
    Time elapsed: 1 hour(s), 7 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\TheEarl\AppData\Local\Temp\Temp1_DDTrainer109a.zip\DDtrainer109a+.exe (Malware.Packer) -> Quarantined and deleted successfully.

  6. #6
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Not much to worry about there. You can do an online scan. Your updated AVG is coming up clean after a scan?

    ESET online scanner:

    http://www.eset.com/onlinescan/

    Uses Internet Explorer only.
    Check "YES" to accept terms.
    Click the Start button.
    Allow the ActiveX component to install.
    Click the Start button; the scanner will update.
    Check both "Remove found threats" and "Scan unwanted applications".
    Click Scan.
    When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
    Please copy/paste that log in your next reply.

  7. #7
    tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 30,962)

    This thread has been closed due to inactivity and will not be re-opened.

    If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
