
Thread: need help, i suspect malware causing webpages from loading

  1. #1
    Junior Member
    Join Date
    Apr 2012
    Posts
    1


    Somehow my computer got infected with some malware. I used Spybot and Malwarebytes, which seemed to remove the problem, but ever since that day I haven't been able to browse certain websites properly. I use Google Chrome, and even getting google.com to load is a problem, along with other sites which might load after multiple reloads or closing and re-opening the browser a few times. The error I get is "This web page is not available. Google Chrome could not load the web page because www.google.com.jm took too long to respond. The website may be down or you may be experiencing issues with your Internet connection"

    Even getting onto this site is HELL!


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
    Run by Walter at 13:05:17 on 2012-04-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.2440 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\windows\system32\lxctcoms.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\sysWOW64\wbem\wmiprvse.exe
    C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\WmiApSrv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Walter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\Users\Walter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 173.225.240.50 173.225.240.51
    TCP: Interfaces\{0D77F418-B580-4953-9657-B2F7E86411BA} : DhcpNameServer = 173.225.240.50 173.225.240.51
    TCP: Interfaces\{396110E9-D9AF-4E97-8EBF-2657721BCA52} : DhcpNameServer = 173.225.240.50 173.225.240.51
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    IFEO: mcmpeng.exe - svchost.exe
    BHO-X64: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No File
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    IFEO-X64: mcmpeng.exe - svchost.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\3nbkzty3.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
    R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2011-4-9 89600]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-3-1 264248]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-8 635416]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-17 116648]
    S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
    S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-17 116648]
    S3 HP1210FAX;HP1210MFP FAX;C:\windows\system32\Drivers\HPM1210FAX.sys --> C:\windows\system32\Drivers\HPM1210FAX.sys [?]
    S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120124.002\IDSviA64.sys [2011-8-10 488568]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 mvusbews;USB EWS Device;C:\windows\system32\Drivers\mvusbews.sys --> C:\windows\system32\Drivers\mvusbews.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PortTalk;PortTalk;C:\Windows\System32\drivers\PortTalk.sys [2012-2-28 3567]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-19 14:48:25 -------- d-----w- C:\windows\SysWow64\QVJGTGljZW5zZUluZm8=
    2012-04-19 14:48:23 -------- d-----w- C:\Program Files (x86)\Advanced Registry Fix
    2012-04-18 17:49:06 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
    2012-04-18 17:42:03 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2012-04-18 17:42:03 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2012-04-18 17:42:03 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2012-04-18 17:42:03 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2012-04-18 17:42:03 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2012-04-18 17:42:01 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2012-04-18 17:42:01 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2012-04-17 13:16:10 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9380F664-2B84-4E55-8097-C3E25423A2FF}\mpengine.dll
    2012-04-17 12:43:04 -------- d-----w- C:\Users\Walter\AppData\Roaming\Malwarebytes
    2012-04-17 04:48:49 -------- d-----w- C:\Users\Walter\AppData\Local\Threat Expert
    2012-04-17 00:09:02 -------- d-----w- C:\Users\Walter\AppData\Roaming\AVG2012
    2012-04-16 23:54:55 -------- d--h--w- C:\ProgramData\Common Files
    2012-04-16 23:54:23 -------- d-----w- C:\ProgramData\AVG2012
    2012-04-16 23:53:21 -------- d-----w- C:\Program Files (x86)\AVG
    2012-04-16 23:46:05 -------- d-----w- C:\ProgramData\MFAData
    2012-04-16 23:22:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-15 06:43:04 -------- d-----w- C:\temp
    2012-04-15 06:32:50 -------- d-----w- C:\Users\Walter\.yawcam
    2012-04-15 06:32:35 -------- d-----w- C:\Program Files (x86)\Yawcam
    2012-04-11 06:45:11 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
    2012-04-11 06:44:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-11 06:42:44 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-04-11 06:21:26 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-04-11 06:21:25 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-04-11 06:21:25 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-04-11 06:20:41 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2012-04-11 06:20:41 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
    2012-04-11 06:20:41 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2012-04-11 06:20:40 5120 ----a-w- C:\windows\SysWow64\wmi.dll
    2012-04-11 06:20:40 5120 ----a-w- C:\windows\System32\wmi.dll
    2012-04-11 06:20:40 220672 ----a-w- C:\windows\System32\wintrust.dll
    2012-04-11 06:20:40 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
    2012-04-11 03:12:11 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-04-07 21:33:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-04-07 21:33:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-04-07 13:47:31 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-04-07 13:40:59 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
    2012-04-07 13:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-04-07 13:40:27 -------- d-----w- C:\Users\Walter\AppData\Roaming\TestApp
    2012-04-07 13:40:27 -------- d-----w- C:\ProgramData\PC Tools
    2012-04-06 23:58:11 -------- d-----w- C:\Users\Walter\AppData\Local\Apple Computer
    2012-04-06 23:57:57 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
    2012-04-06 23:57:57 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
    2012-04-06 23:57:57 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
    2012-04-06 23:56:57 -------- d-----w- C:\Program Files\iPod
    2012-04-06 23:56:55 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-04-06 23:56:55 -------- d-----w- C:\Program Files\iTunes
    2012-04-06 23:56:55 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-04-06 23:55:57 -------- d-----w- C:\Users\Walter\AppData\Local\Apple
    2012-04-06 23:55:08 -------- d-----w- C:\Program Files\Bonjour
    2012-04-06 23:55:08 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-04-04 17:27:18 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-03-31 18:46:03 -------- d-----w- C:\ProgramData\DivX
    .
    ==================== Find3M ====================
    .
    2012-02-28 16:42:01 466456 ----a-w- C:\windows\System32\wrap_oal.dll
    2012-02-28 16:42:01 122904 ----a-w- C:\windows\System32\OpenAL32.dll
    2012-02-28 16:42:00 444952 ----a-w- C:\windows\SysWow64\wrap_oal.dll
    2012-02-28 16:42:00 109080 ----a-w- C:\windows\SysWow64\OpenAL32.dll
    2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
    2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-02-23 15:18:36 279656 ----a-w- C:\windows\System32\MpSigStub.exe
    2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
    2012-02-15 16:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
    2012-02-15 16:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
    2012-02-12 03:42:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-11 21:49:28 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-02-08 16:27:16 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2012-02-08 16:27:09 88 --sh--r- C:\ProgramData\10B74651DB.sys
    2012-02-04 11:42:22 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
    2012-02-04 11:42:21 175616 ----a-w- C:\windows\System32\msclmd.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
    2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 13:07:06.43 ===============

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    First we need to make all files and folders VISIBLE:

    • Go to start>control panel>folder options>view
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with OK

    ---------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    ----------

  3. #3
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Do you still need help?

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Due to lack of feedback, this topic will now be closed.
    If you are the original poster and you still require help, please start a new thread.

    -------------------
