Results 1 to 3 of 3

Thread: Malware on 2 ?

  1. #1
    Junior Member
    Join Date
    May 2012
    Location
    UK West Midlands
    Posts
    3

    Default Malware on 2 ?

    Help in correcting problems on my 2 PCs, which I suspect is caused by a worm infestation, will be greatly appreciated.

    The story so far:

    My home network consists of:

    2 indentical PCs bought new, earlier this year. Each is fitted with a 120GB Corsair Force 3 SSD, 1TB Hitachi Sata II harddisk, Blue-Ray and Samsung SATA CD/DVD writers, 8GB RAM, ASUS P8H61 Motherboard, Intel Core i5 2500K Quad Core (4x3.3Gz 6MB Cache), nVidia GeForce GTS 450 1GB, Built in audio, card reader etc. Also, 802.11N Wi-Fi PCIe wireless cards, which are currently disabled and unused. Both running Windows 7 Professional. wireless mice and keyboards. Both connect by Ethernet through a Netgear wired router to a broadband service, which is then connected to a Netgear dual-band wireless router.

    For identification I have named these as "SEVEN" and "EIGHT" (The names have historical significance to me, but mean nothing else !)

    A Dell Inspiron 9300 laptop, running Windows XP, connected wirelessly. (name: "SIX"). This connects, through a Netgear "dongle" to the 50MHz channel.

    A Netgear ReadyNAS NV+ plugged directly into the wireless router, and to which I connect up to 4 harddisks, by USB, as required,

    And occasional connections, wirelessly, by a ASUS Transformer Tablet.

    Everything has worked well until about three weeks ago, when both of the PCs became troublesome, locking up after startup, the mouse pointer showing the "rotating blue doughnut" for long periods before (sometimes !) opening a program or utility, or often just sitting there. The only way out at most times, was to simply switch off. There is no recognisable pattern to this and it sometimes happens directly after boot up, and sometimes after 10-15 minutes. I ran my Avast! software to perform a boot-time scan and it reported (for EIGHT):

    "Download Manager.exe is infected by WIN32: IBRYTE-M (PUR)"
    which I deleted using the appropriate button.

    SEVEN was reported as clear. I have been unable to find a "Download Manager.exe" on either machine. I have disconnected both machines from everything and run them separately. I also ensured that each was entirely separated from the other, and physically moved them further apart to ensure that they were not picking up stray signals from each other or elsewhere. Frequent "deep scans" fail to produce evidence of infections, and the use of the "Repair" function using the installation CD has not helped at all; neither has the "sfc /scannow" command.

    I AM able to run the machines successfully in Safe Mode with Networking and, apart from the obvious inconveniences in Safe Mode, everything runs well this way.

    I have run out of ideas !

    This is a request for help with just one PC (EIGHT). I will submit a separate request for the other PC later, if required.

    RonLuxton

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by RonLuxton at 14:37:58 on 2012-05-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8173.7283 [GMT 1:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\Spybot\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_SA6F9.tmp" /EF "HKCU"
    uRun: [ClipMate7] C:\Program Files (x86)\ClipMate 7 on 8\ClipMate.exe
    uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_S56F.tmp" /EF "HKCU"
    uRun: [SpybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [TomTomHOME.exe] "D:\TomTom\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [TkBellExe] "D:\Real Player\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{625F1783-2D54-4FA3-B421-2D8ECFE82E5A}\44D2C496E6B6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D7053AD8-A3C2-4DF4-BC57-607CD662B1DA} : DhcpNameServer = 192.168.1.1
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [TkBellExe] "D:\Real Player\update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2008-10-9 759072]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-2-22 3246040]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]
    S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-3-24 134920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 GsServer;GoodSync Server;D:\GoodSync\Gs-Server.exe [2012-4-12 5230256]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-16 136176]
    S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-9 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;D:\Spybot\Spybot - Search & Destroy\SDWinSec.exe [2012-5-7 1153368]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-4-4 5671792]
    S2 TomTomHOMEService;TomTomHOMEService;D:\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-9 2656280]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 253088]
    S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-16 136176]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys --> C:\Windows\system32\DRIVERS\Spyder2.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-12 20:07:11 -------- d-----w- C:\Program Files (x86)\ERUNT Backup Files
    2012-05-11 11:29:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-05-10 18:22:43 -------- d-----w- C:\Windows\pss
    2012-05-10 15:24:41 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-10 15:24:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-10 15:24:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-10 15:24:39 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-10 15:24:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-10 15:24:38 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-10 15:23:16 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-10 15:21:16 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-10 15:21:14 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 15:21:14 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-10 15:21:14 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-10 15:21:14 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 15:21:13 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-07 15:53:52 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C43FD4E5-2C30-46A2-84DF-01C0E5F17C7D}\mpengine.dll
    2012-05-07 13:00:48 -------- d-----w- C:\Users\RonLuxton\AppData\Roaming\Safer Networking
    2012-05-07 10:57:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-05-04 15:17:51 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-04 14:33:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FB2C679-B2D4-4410-AB0C-4CF1A28E9D3A}\gapaengine.dll
    2012-05-04 11:26:37 -------- d-----w- C:\Users\RonLuxton\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
    2012-05-04 11:26:28 -------- d-----w- C:\ProgramData\Virtualized Applications
    2012-04-30 13:55:05 -------- d-----w- C:\Windows\PCHEALTH
    2012-04-27 13:19:12 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-04-25 12:50:24 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-04-25 12:50:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-22 16:52:12 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-03-22 16:52:12 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-07 00:04:31 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-07 00:03:29 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-03-07 00:02:45 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-24 15:12:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-23 15:54:51 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2012-02-22 19:18:47 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2012-02-22 19:18:43 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
    2012-02-22 19:18:42 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2012-02-22 19:18:39 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    .
    ============= FINISH: 14:38:11.82 ===============
    Last edited by tashi; 2012-05-13 at 19:17. Reason: Copy pasted DDS log into topic. Removed email address.

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •