
Thread: Can't remove Win32.downloader.gen malware!

  1. #1 | Junior Member | Join Date: Mar 2013 | Posts: 8

    Can't remove Win32.downloader.gen malware!

    Recently, I ran Spybot and it found an infection with Win32.downloader.gen malware. After finding it, Spybot tried to remove it but couldn't. Then, Spybot asked if I wanted to allow Spybot to run again when the computer restarts. I selected "yes" and once restarting, Spybot ran for several hours (with no other programs running) and again detected the malware. Once I selected "fix problem", it checked it off as if it was repaired. However, when I run the program again, it still finds it again and the whole sequence is repeated.

    Potential source of the problem: Recently, I downloaded several audio codec files from download.cnet.com/windows/ and possibly this infected my computer.

    I was running Spybot Search & Destroy version 1.6.2.46

    Tashi asked me to post to this forum.

    In the instructions, I was told to use ERUNT to back up my system registry.

    Then, I was told to run the DDS log and below are the contents:


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by JEFF at 14:10:57 on 2013-03-21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1359 [GMT -7:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: ZoneAlarm Extreme Security Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    D:\Program Files\Microsoft Security Client\MsMpEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\SCardSvr.exe
    D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    D:\Program Files\SearchProtect\bin\CltMngSvc.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    D:\WINDOWS\system32\EscSvc.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\Program Files\CyberLink\Shared Files\RichVideo.exe
    D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    D:\WINDOWS\system32\SearchIndexer.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\stsystra.exe
    D:\Program Files\Dell\QuickSet\quickset.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    D:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    D:\Program Files\Epson Software\Event Manager\EEventManager.exe
    D:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    D:\Program Files\Microsoft Security Client\msseces.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    D:\Program Files\Digital Line Detect\DLG.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Documents and Settings\JEFF\Application Data\SearchProtect\bin\cltmng.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\WINDOWS\system32\SearchProtocolHost.exe
    D:\WINDOWS\system32\SearchFilterHost.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    D:\WINDOWS\system32\svchost.exe -k NetworkService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
    TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
    EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - d:\program files\epson software\e-web print\ewps_tb.dll
    uRun: [SearchProtect] d:\documents and settings\jeff\application data\searchprotect\bin\cltmng.exe
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
    uRunOnce: [FlashPlayerUpdate] d:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
    mRun: [IntelZeroConfig] "d:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "d:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ChangeTPMAuth] d:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [SunJavaUpdateSched] d:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] d:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISW] d:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
    mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [PDVDDXSrv] "d:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PowerDVD12DMREngine] "d:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
    mRun: [PowerDVD12Agent] "d:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
    mRun: [EEventManager] "d:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXRCV] "d:\program files\epson software\fax utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "d:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [USBToolTip] d:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    mRun: [SearchProtectAll] d:\program files\searchprotect\bin\cltmng.exe
    mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - d:\program files\digital line detect\DLG.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343712404168
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362982937296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{1F0D5606-B5CA-40BE-8255-0BA7B935EC63} : DHCPNameServer = 10.0.0.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\jeff\application data\mozilla\firefox\profiles\0em5le4q.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: d:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: d:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: d:\program files\microsoft\office live\npOLW.dll
    FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2013-02-16 00:46; e-webprint@epson.com; d:\program files\epson software\e-web print\Firefox Add-on
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2012-7-31 133208]
    R0 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
    R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2012-7-31 11352]
    R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-7-31 485808]
    R1 Vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2012-7-22 526640]
    R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/01 21:21:53];d:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-12-28 76560]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;d:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
    R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-2-1 91248]
    R2 CltMngSvc;Search Protect by Conduit Updater;d:\program files\searchprotect\bin\CltMngSvc.exe [2013-2-20 93984]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-2-1 78960]
    R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-2-1 296048]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;d:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
    R2 EpsonScanSvc;Epson Scanner Service;d:\windows\system32\escsvc.exe [2013-2-13 122000]
    R2 ISWKL;ZoneAlarm ForceField ISWKL;d:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
    R2 IswSvc;ZoneAlarm ForceField IswSvc;d:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
    R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-11 398184]
    R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-11 682344]
    R2 ntk_PowerDVD12;ntk_PowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-2-1 121208]
    R2 vsmon;TrueVector Internet Monitor;d:\program files\checkpoint\zonealarm\vsmon.exe -service --> d:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R3 icsak;icsak;d:\program files\checkpoint\zaforcefield\ak\icsak.sys [2012-7-14 36784]
    R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-11-11 21104]
    S1 SBRE;SBRE;\??\d:\windows\system32\drivers\sbredrv.sys --> d:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2013-3-18 40776]
    S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-03-21 20:07:06 7108640 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca5bdd50-36ec-42df-9b8b-5e77f0d96314}\mpengine.dll
    2013-03-19 21:53:24 6954968 ------w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-03-19 21:48:54 -------- d-----w- d:\documents and settings\jeff\application data\SearchProtect
    2013-03-19 05:47:14 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
    2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023x.sys
    2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023.sys
    2013-03-11 22:46:42 -------- d-----w- d:\documents and settings\jeff\Tracing
    2013-03-11 22:44:36 -------- d-----w- d:\program files\Microsoft Office Outlook Connector
    2013-03-11 22:41:46 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
    2013-03-11 22:38:37 -------- d-----w- d:\program files\Microsoft
    2013-03-11 22:38:05 -------- d-----w- d:\program files\Windows Live SkyDrive
    2013-03-11 22:37:06 4927864 ----a-w- d:\program files\common files\windows live\.cache\f5d64f481ce1ea8\Silverlight.2.0.exe
    2013-03-11 22:35:22 74520 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DSETUP.dll
    2013-03-11 22:35:22 484632 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DXSETUP.exe
    2013-03-11 22:35:22 1670936 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\dsetup32.dll
    2013-03-11 22:35:07 1013800 ----a-w- d:\program files\common files\windows live\.cache\aeda0bac1ce1ea8\WindowsXP-KB954708-x86-ENU.exe
    2013-03-11 22:01:14 -------- d-----w- d:\program files\common files\Windows Live
    2013-03-10 01:32:47 222448 ----a-w- d:\windows\system32\muweb.dll
    2013-03-10 01:32:45 275696 ----a-w- d:\windows\system32\mucltui.dll
    2013-03-10 01:32:45 17136 ----a-w- d:\windows\system32\mucltui.dll.mui
    2013-03-10 00:48:53 232336 ------w- d:\windows\system32\MpSigStub.exe
    2013-03-10 00:39:51 -------- d-----w- d:\program files\Microsoft Security Client
    2013-03-09 06:15:51 -------- d-----w- d:\documents and settings\jeff\.SimXpert
    2013-03-09 05:43:25 -------- d-----w- d:\documents and settings\jeff\CDMData
    2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\scratch
    2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\Process
    2013-03-09 04:53:32 -------- d-----w- D:\MSC Software
    2013-03-08 23:04:40 -------- d-----w- D:\SCRATCH
    2013-03-08 22:34:54 -------- d-----w- D:\MSC.Software
    2013-03-08 06:18:00 80090 ----a-w- d:\documents and settings\jeff\application data\SMBIOSSP.exe
    2013-03-07 02:38:09 -------- d-----w- d:\program files\common files\Gretech Corporation
    2013-03-07 02:38:08 -------- d-----w- d:\documents and settings\all users\application data\GRETECH
    2013-03-07 02:35:32 -------- d-----w- d:\program files\GRETECH
    2013-03-07 01:16:36 -------- d-----w- d:\program files\Conduit
    2013-03-07 01:16:07 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Conduit
    2013-03-07 01:16:06 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Temp
    2013-03-07 01:15:23 -------- d-----w- d:\program files\SearchProtect
    2013-03-04 17:15:23 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Pinnacle
    2013-03-04 04:48:11 171520 ----a-w- d:\windows\system32\drivers\MarvinBus.sys
    2013-03-04 04:47:54 -------- d-----w- d:\program files\common files\Pinnacle
    2013-03-04 04:46:31 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio HD
    2013-03-04 04:37:15 -------- d-----w- d:\program files\common files\Pegasus Imaging
    2013-03-04 04:37:12 -------- d-----w- d:\program files\common files\Yahoo!
    2013-03-04 04:37:11 -------- d-----w- d:\program files\Pinnacle
    2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Studio 14
    2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio Plus
    2013-03-03 23:06:32 -------- d-----w- d:\documents and settings\all users\CyberLink
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
    2013-03-03 22:41:46 447479568 ----a-w- d:\program files\CL.2418_GM4_Trial_VDE121106-02.exe
    2013-02-27 05:35:55 -------- d-----w- d:\windows\system32\NtmsData
    .
    ==================== Find3M ====================
    .
    2013-02-12 00:32:23 12928 ----a-w- d:\windows\system32\drivers\usb8023.sys
    2013-02-12 00:32:23 12928 ------w- d:\windows\system32\drivers\usb8023x.sys
    2013-02-05 20:05:47 916480 ----a-w- d:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ------w- d:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ------w- d:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ------w- d:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
    2013-01-25 16:48:32 3915776 ----a-w- d:\windows\system32\ffmpeg.dll
    2013-01-25 16:47:32 112640 ----a-w- d:\windows\system32\ff_vfw.dll
    2013-01-25 16:47:18 3500544 ----a-w- d:\windows\system32\ffdshow.ax
    2013-01-25 16:46:18 271360 ----a-w- d:\windows\system32\TomsMoComp_ff.dll
    2013-01-25 16:46:16 99840 ----a-w- d:\windows\system32\ff_wmv9.dll
    2013-01-25 16:46:16 157184 ----a-w- d:\windows\system32\ff_unrar.dll
    2013-01-25 16:46:12 211968 ----a-w- d:\windows\system32\ff_libdts.dll
    2013-01-25 16:46:12 147456 ----a-w- d:\windows\system32\ff_libmad.dll
    2013-01-25 16:46:08 1525760 ----a-w- d:\windows\system32\ff_samplerate.dll
    2013-01-25 16:46:08 114688 ----a-w- d:\windows\system32\ff_liba52.dll
    2013-01-25 16:00:40 420008 ----a-w- d:\windows\system32\LAVSplitter.ax
    2013-01-25 16:00:40 384472 ----a-w- d:\windows\system32\swscale-lav-2.dll
    2013-01-25 16:00:40 279208 ----a-w- d:\windows\system32\IntelQuickSyncDecoder.dll
    2013-01-25 16:00:40 247920 ----a-w- d:\windows\system32\avutil-lav-52.dll
    2013-01-25 16:00:40 243880 ----a-w- d:\windows\system32\LAVAudio.ax
    2013-01-25 16:00:40 183976 ----a-w- d:\windows\system32\libbluray.dll
    2013-01-25 16:00:40 165160 ----a-w- d:\windows\system32\avresample-lav-1.dll
    2013-01-25 16:00:40 1186984 ----a-w- d:\windows\system32\LAVVideo.ax
    2013-01-25 16:00:38 7833552 ----a-w- d:\windows\system32\avcodec-lav-54.dll
    2013-01-25 16:00:38 169888 ----a-w- d:\windows\system32\avfilter-lav-3.dll
    2013-01-25 16:00:38 1257464 ----a-w- d:\windows\system32\avformat-lav-54.dll
    2013-01-20 23:59:04 195296 ----a-w- d:\windows\system32\drivers\MpFilter.sys
    2013-01-07 01:19:45 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- d:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- d:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- d:\windows\system32\quartz.dll
    .
    ============= FINISH: 14:13:55.23 ===============

    Here is the log from the aswMBR scan:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-21 14:33:17
    -----------------------------
    14:33:17.328 OS Version: Windows 5.1.2600 Service Pack 3
    14:33:17.328 Number of processors: 2 586 0x1706
    14:33:17.328 ComputerName: OSCAR2 UserName: JEFF
    14:33:27.484 Initialize success
    14:58:45.187 AVAST engine defs: 13032102
    15:01:56.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    15:01:56.812 Disk 0 Vendor: WDC_WD7500BPVT-22HXZT1 01.01A01 Size: 715404MB BusType: 3
    15:01:56.984 Disk 0 MBR read successfully
    15:01:56.984 Disk 0 MBR scan
    15:01:57.046 Disk 0 Windows XP default MBR code
    15:01:57.046 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    15:01:57.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114416 MB offset 208845
    15:01:57.109 Disk 0 Partition - 00 0F Extended LBA 515405 MB offset 409593240
    15:01:57.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 199996 MB offset 409593303
    15:01:57.140 Disk 0 Partition - 00 05 Extended 315408 MB offset 819186480
    15:01:57.156 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 315408 MB offset 819186543
    15:01:57.156 Disk 0 scanning sectors +1465144065
    15:01:57.218 Disk 0 scanning D:\WINDOWS\system32\drivers
    15:02:18.640 Service scanning
    15:02:38.421 Service MpKsl5be7457a D:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA5BDD50-36EC-42DF-9B8B-5E77F0D96314}\MpKsl5be7457a.sys **LOCKED** 32
    15:03:01.500 Modules scanning
    15:03:14.062 Disk 0 trace - called modules:
    15:03:14.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    15:03:14.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac35820]
    15:03:14.093 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8acd8d98]
    15:03:15.328 AVAST engine scan D:\WINDOWS
    15:03:28.265 AVAST engine scan D:\WINDOWS\system32
    15:08:01.468 AVAST engine scan D:\WINDOWS\system32\drivers
    15:08:27.984 AVAST engine scan D:\Documents and Settings\JEFF
    15:12:48.953 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\JEFF\My Documents\MBR.dat"
    15:12:48.953 The log file has been saved successfully to "D:\Documents and Settings\JEFF\My Documents\aswMBR.txt"
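    As an added example, not part of the original thread and not a tool the helpers here use, the Python below does a first-pass triage of lines in the DDS "Pseudo HJT Report" format. The sample input is constructed from entries in the log above. It flags Run-key entries whose executable lives under the user profile (Application Data, Local Settings, Temp), BHOs registered with no file path, Hosts-file overrides, and one executable name that is registered from two different directories (the pattern SearchProtect's cltmng.exe shows here). The line regexes, the path heuristics and the function names are my assumptions about the DDS format; a flagged entry is a review item for a human, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in DDS "Pseudo HJT Report" format, copied from entries in
# the log posted above (uRun = HKCU Run, mRun = HKLM Run, dRun = default user).
SAMPLE_DDS = r"""
uRun: [SearchProtect] d:\documents and settings\jeff\application data\searchprotect\bin\cltmng.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SearchProtectAll] d:\program files\searchprotect\bin\cltmng.exe
mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed line shapes (my reading of the DDS output, not an official grammar).
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.*?):\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s*(?P<path>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<entry>.+)$")
# First token ending in .exe, with or without surrounding quotes; DDS does not
# quote paths that contain spaces, so splitting on whitespace would be wrong.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)

# Directories under the user profile from which legitimate autostarts are rare
# on a 2013-era XP box; the real SearchProtect entry above lives in one of them.
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def exe_path(cmd):
    """Return the lower-cased executable path from a Run-key command, or None."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path").lower() if m else None


def triage(dds_text):
    """Return (kind, name, detail) tuples for entries worth a second look."""
    findings = []
    by_basename = defaultdict(set)  # exe basename -> set of directories it runs from
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if path is None:
                continue
            if "\\" in path:
                directory, base = path.rsplit("\\", 1)
                by_basename[base].add(directory)
            if any(marker in path for marker in PROFILE_MARKERS):
                findings.append(("autorun-from-user-profile", m.group("name"), path))
            continue
        m = BHO_RE.match(line)
        if m and not m.group("path"):
            # A BHO whose DLL path is blank is either an orphan or a hidden file;
            # either way it should be explained before the log is called clean.
            findings.append(("bho-without-file", m.group("name"), m.group("clsid")))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append(("hosts-override", "Hosts", m.group("entry")))
    for base, dirs in by_basename.items():
        if len(dirs) > 1:
            findings.append(("same-exe-two-locations", base, "; ".join(sorted(dirs))))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_DDS):
        print(f"{kind:28} {name:28} {detail}")
```

    Feed it a real DDS.txt by reading the file into `triage()`; every hit is an entry for the helper to look at, since both the hosts override (Spybot's own block-list entry) and a blank BHO path can have benign explanations.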

  2. #2 | Emeritus | Join Date: Nov 2005 | Location: @localhost | Posts: 6,066

    hi roberts1008,

    Your post is a few days old. If you still need some help simply reply back.
    How Can I Reduce My Risk?

  3. #3 | Junior Member | Join Date: Mar 2013 | Posts: 8

    Can't remove Win32.downloader.gen malware!

    Hello "shelf life",

    Yes, I realize that it's a few days old. But, I do still need help. I was told that you guys are volunteers, so it takes longer than normal.

    If you could, please assist.

  4. #4 | Emeritus | Join Date: Nov 2005 | Location: @localhost | Posts: 6,066

    Hi,

    Ok, we will do two things. First, look in your Add/Remove Programs panel and uninstall, if present, the two items below. After both uninstalls are done, reboot your machine.

    Search Protect by conduit
    MarketResearch

    Next:

    Please download AdwCleaner to your desktop.
    Double click on AdwCleaner.exe, select OK, then Run
    Click on Search
    A logfile will automatically open after the scan has finished
    Copy and paste the contents of the log file in your reply
    You can also find the logfile at C:\AdwCleaner[R1].txt as well
    Exit AdwCleaner with the X (close) button. Click OK at the final prompt.

    On a side note, it looks like you have two AVs running: both MS Security Essentials and ZA Antivirus. You only need one active AV per machine. I would remove one of them via the Add/Remove Programs panel, then reboot.
    How Can I Reduce My Risk?

  5. #5 | Junior Member | Join Date: Mar 2013 | Posts: 8

    Can't remove Win32.downloader.gen malware!

    Thanks, "shelf life"!

    MarketResearch was not listed.
    However, Search Protect by conduit was listed. So, I deleted it.

    Regarding the Microsoft Security Essentials, I had added it because I was told it could remove the malware, but obviously it hasn't, so I'll remove it.

    Below are the results of AdwCleaner:

    # AdwCleaner v2.115 - Logfile created 03/28/2013 at 23:14:40
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : JEFF - OSCAR2
    # Boot Mode : Normal
    # Running from : D:\Documents and Settings\JEFF\My Documents\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : D:\END
    Folder Found : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
    Folder Found : D:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Found : D:\Documents and Settings\JEFF\Application Data\adawaretb
    Folder Found : D:\Documents and Settings\JEFF\Application Data\Claro LTD
    Folder Found : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
    Folder Found : D:\Program Files\Conduit
    Folder Found : D:\Program Files\Playbryte

    ***** [Registry] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKCU\Software\SearchProtect
    Key Found : HKCU\Software\SmartBar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\Software\Playbryte
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226&tt=4412_4&babsrc=NT_ss&mntrId=408acf2d000000000000001f3b016bd9

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : D:\Documents and Settings\JEFF\Application Data\Mozilla\Firefox\Profiles\0em5le4q.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : D:\Documents and Settings\JEFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3921 octets] - [28/03/2013 23:14:40]

    ########## EOF - D:\AdwCleaner[R1].txt - [3981 octets] ##########

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Ok good. Run AdwCleaner again by clicking the search button. Close the log file that pops up, since you already posted that, then click on the delete button. Your machine will reboot, and after it restarts a new log file will come up with all the deletions; copy and post the new log file in your reply.

    Also, after the above, rescan with DDS like you did before and post its log as well:

    Download to your desktop DDS from one of the links below:

    Link

    Double click the tool to run it.
    If a black screen opens, just read the contents and do nothing.
    When the tool finishes, it will open 2 reports, DDS.txt and attach.txt.
    Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.
    'attach.txt' should be zipped using the Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Mar 2013
    Posts
    8

    Exclamation Can't remove Win32.downloader.gen malware!

    Hey 'shelf life',

    After running AdwCleaner, it posted the following message:

    --------
    If you have been brought to use AdwCleaner, it’s probably because your PC contained potentially unwanted programs or adware
    Potentially unwanted programs are often proposed during the installation of software. They may be present form of toolbars that sometimes change the home page of the browser and slow internet browsing
    To avoid the installation of these programs polluting the computer, it is essential to follow these tips:
    - Always download a program from the official link, or a trusted site
    - When installing a program, do not click too fast [Next] without paying attention to Terms of Use and third-party programs available
    - If third-party programs are available (toolbars, etc..), uncheck all checkboxes about him
    - Enable detection of PUPs in your antivirus
    You can also install Host Anti-PUP/Adware from AdwCleaner by clicking “?” and then “Download Hosts Anti-PUP/Adware”

    ---------------

    What is a PUP? I currently am using ZoneAlarm Extreme Security, Malwarebytes Anti-Malware and Spybot Search and Destroy. Should I add any other protection?

    Here is the AdwCleaner log file:

    ----------------

    # AdwCleaner v2.115 - Logfile created 03/29/2013 at 12:04:00
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : JEFF - OSCAR2
    # Boot Mode : Normal
    # Running from : D:\Documents and Settings\JEFF\My Documents\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : D:\END
    Folder Deleted : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
    Folder Deleted : D:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : D:\Documents and Settings\JEFF\Application Data\adawaretb
    Folder Deleted : D:\Documents and Settings\JEFF\Application Data\Claro LTD
    Folder Deleted : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
    Folder Deleted : D:\Program Files\Conduit
    Folder Deleted : D:\Program Files\Playbryte

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\Playbryte
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226&tt=4412_4&babsrc=NT_ss&mntrId=408acf2d000000000000001f3b016bd9 --> hxxp://www.google.com

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : D:\Documents and Settings\JEFF\Application Data\Mozilla\Firefox\Profiles\0em5le4q.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : D:\Documents and Settings\JEFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4050 octets] - [28/03/2013 23:14:40]
    AdwCleaner[R2].txt - [4069 octets] - [29/03/2013 12:03:22]
    AdwCleaner[S1].txt - [4119 octets] - [29/03/2013 12:04:00]

    ########## EOF - D:\AdwCleaner[S1].txt - [4179 octets] ##########

    --------------

    And, here is the DDS log file:

    --------------

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by JEFF at 12:18:35 on 2013-03-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1663 [GMT -7:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Extreme Security Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\SCardSvr.exe
    D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    D:\WINDOWS\system32\EscSvc.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\Program Files\CyberLink\Shared Files\RichVideo.exe
    D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    D:\WINDOWS\system32\SearchIndexer.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\stsystra.exe
    D:\Program Files\Dell\QuickSet\quickset.exe
    D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    D:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Epson Software\Event Manager\EEventManager.exe
    D:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    D:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    D:\Program Files\Digital Line Detect\DLG.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\WINDOWS\system32\SearchProtocolHost.exe
    D:\WINDOWS\system32\SearchFilterHost.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    D:\WINDOWS\system32\svchost.exe -k NetworkService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
    EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - d:\program files\epson software\e-web print\ewps_tb.dll
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IntelZeroConfig] "d:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "d:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ChangeTPMAuth] d:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [SunJavaUpdateSched] d:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] d:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISW] d:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
    mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [PDVDDXSrv] "d:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PowerDVD12DMREngine] "d:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
    mRun: [PowerDVD12Agent] "d:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
    mRun: [EEventManager] "d:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXRCV] "d:\program files\epson software\fax utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "d:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [USBToolTip] d:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - d:\program files\digital line detect\DLG.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343712404168
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362982937296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{1F0D5606-B5CA-40BE-8255-0BA7B935EC63} : DHCPNameServer = 10.0.0.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\jeff\application data\mozilla\firefox\profiles\0em5le4q.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: d:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: d:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: d:\program files\microsoft\office live\npOLW.dll
    FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2013-02-16 00:46; e-webprint@epson.com; d:\program files\epson software\e-web print\Firefox Add-on
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2012-7-31 133208]
    R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2012-7-31 11352]
    R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-7-31 485808]
    R1 Vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2012-7-22 526640]
    R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/01 21:21:53];d:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-12-28 76560]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;d:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
    R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-2-1 91248]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-2-1 78960]
    R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-2-1 296048]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;d:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
    R2 EpsonScanSvc;Epson Scanner Service;d:\windows\system32\escsvc.exe [2013-2-13 122000]
    R2 ISWKL;ZoneAlarm ForceField ISWKL;d:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
    R2 IswSvc;ZoneAlarm ForceField IswSvc;d:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
    R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-11 398184]
    R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-11 682344]
    R2 ntk_PowerDVD12;ntk_PowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-2-1 121208]
    R2 vsmon;TrueVector Internet Monitor;d:\program files\checkpoint\zonealarm\vsmon.exe -service --> d:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R3 icsak;icsak;d:\program files\checkpoint\zaforcefield\ak\icsak.sys [2012-7-14 36784]
    R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-11-11 21104]
    S1 SBRE;SBRE;\??\d:\windows\system32\drivers\sbredrv.sys --> d:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-03-22 17:33:40 -------- d-----w- d:\program files\Citrix
    2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023x.sys
    2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023.sys
    2013-03-11 22:46:42 -------- d-----w- d:\documents and settings\jeff\Tracing
    2013-03-11 22:44:36 -------- d-----w- d:\program files\Microsoft Office Outlook Connector
    2013-03-11 22:41:46 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
    2013-03-11 22:38:37 -------- d-----w- d:\program files\Microsoft
    2013-03-11 22:38:05 -------- d-----w- d:\program files\Windows Live SkyDrive
    2013-03-11 22:37:06 4927864 ----a-w- d:\program files\common files\windows live\.cache\f5d64f481ce1ea8\Silverlight.2.0.exe
    2013-03-11 22:35:22 74520 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DSETUP.dll
    2013-03-11 22:35:22 484632 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DXSETUP.exe
    2013-03-11 22:35:22 1670936 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\dsetup32.dll
    2013-03-11 22:35:07 1013800 ----a-w- d:\program files\common files\windows live\.cache\aeda0bac1ce1ea8\WindowsXP-KB954708-x86-ENU.exe
    2013-03-11 22:01:14 -------- d-----w- d:\program files\common files\Windows Live
    2013-03-10 01:32:47 222448 ----a-w- d:\windows\system32\muweb.dll
    2013-03-10 01:32:45 275696 ----a-w- d:\windows\system32\mucltui.dll
    2013-03-10 01:32:45 17136 ----a-w- d:\windows\system32\mucltui.dll.mui
    2013-03-10 00:48:53 232336 ------w- d:\windows\system32\MpSigStub.exe
    2013-03-09 06:15:51 -------- d-----w- d:\documents and settings\jeff\.SimXpert
    2013-03-09 05:43:25 -------- d-----w- d:\documents and settings\jeff\CDMData
    2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\scratch
    2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\Process
    2013-03-09 04:53:32 -------- d-----w- D:\MSC Software
    2013-03-08 23:04:40 -------- d-----w- D:\SCRATCH
    2013-03-08 22:34:54 -------- d-----w- D:\MSC.Software
    2013-03-08 06:18:00 80090 ----a-w- d:\documents and settings\jeff\application data\SMBIOSSP.exe
    2013-03-07 02:38:09 -------- d-----w- d:\program files\common files\Gretech Corporation
    2013-03-07 02:38:08 -------- d-----w- d:\documents and settings\all users\application data\GRETECH
    2013-03-07 02:35:32 -------- d-----w- d:\program files\GRETECH
    2013-03-07 01:16:06 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Temp
    2013-03-04 17:15:23 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Pinnacle
    2013-03-04 04:48:11 171520 ----a-w- d:\windows\system32\drivers\MarvinBus.sys
    2013-03-04 04:47:54 -------- d-----w- d:\program files\common files\Pinnacle
    2013-03-04 04:46:31 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio HD
    2013-03-04 04:37:15 -------- d-----w- d:\program files\common files\Pegasus Imaging
    2013-03-04 04:37:12 -------- d-----w- d:\program files\common files\Yahoo!
    2013-03-04 04:37:11 -------- d-----w- d:\program files\Pinnacle
    2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Studio 14
    2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio Plus
    2013-03-03 23:06:32 -------- d-----w- d:\documents and settings\all users\CyberLink
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
    2013-03-03 22:41:46 447479568 ----a-w- d:\program files\CL.2418_GM4_Trial_VDE121106-02.exe
    .
    ==================== Find3M ====================
    .
    2013-02-12 00:32:23 12928 ----a-w- d:\windows\system32\drivers\usb8023.sys
    2013-02-12 00:32:23 12928 ------w- d:\windows\system32\drivers\usb8023x.sys
    2013-02-05 20:05:47 916480 ----a-w- d:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ------w- d:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ------w- d:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ------w- d:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
    2013-01-25 16:48:32 3915776 ----a-w- d:\windows\system32\ffmpeg.dll
    2013-01-25 16:47:32 112640 ----a-w- d:\windows\system32\ff_vfw.dll
    2013-01-25 16:47:18 3500544 ----a-w- d:\windows\system32\ffdshow.ax
    2013-01-25 16:46:18 271360 ----a-w- d:\windows\system32\TomsMoComp_ff.dll
    2013-01-25 16:46:16 99840 ----a-w- d:\windows\system32\ff_wmv9.dll
    2013-01-25 16:46:16 157184 ----a-w- d:\windows\system32\ff_unrar.dll
    2013-01-25 16:46:12 211968 ----a-w- d:\windows\system32\ff_libdts.dll
    2013-01-25 16:46:12 147456 ----a-w- d:\windows\system32\ff_libmad.dll
    2013-01-25 16:46:08 1525760 ----a-w- d:\windows\system32\ff_samplerate.dll
    2013-01-25 16:46:08 114688 ----a-w- d:\windows\system32\ff_liba52.dll
    2013-01-25 16:00:40 420008 ----a-w- d:\windows\system32\LAVSplitter.ax
    2013-01-25 16:00:40 384472 ----a-w- d:\windows\system32\swscale-lav-2.dll
    2013-01-25 16:00:40 279208 ----a-w- d:\windows\system32\IntelQuickSyncDecoder.dll
    2013-01-25 16:00:40 247920 ----a-w- d:\windows\system32\avutil-lav-52.dll
    2013-01-25 16:00:40 243880 ----a-w- d:\windows\system32\LAVAudio.ax
    2013-01-25 16:00:40 183976 ----a-w- d:\windows\system32\libbluray.dll
    2013-01-25 16:00:40 165160 ----a-w- d:\windows\system32\avresample-lav-1.dll
    2013-01-25 16:00:40 1186984 ----a-w- d:\windows\system32\LAVVideo.ax
    2013-01-25 16:00:38 7833552 ----a-w- d:\windows\system32\avcodec-lav-54.dll
    2013-01-25 16:00:38 169888 ----a-w- d:\windows\system32\avfilter-lav-3.dll
    2013-01-25 16:00:38 1257464 ----a-w- d:\windows\system32\avformat-lav-54.dll
    2013-01-07 01:19:45 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- d:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- d:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- d:\windows\system32\quartz.dll
    .
    ============= FINISH: 12:20:35.79 ===============
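    To check that the delete pass above actually acted on everything the earlier search pass reported (the search-then-delete procedure shelf life describes in post #6), here is an added Python example that is not from the thread or from AdwCleaner: it parses the two log styles and lists any item that was found but neither deleted nor replaced. The sample logs are constructed from entries quoted in this thread, with one registry key deliberately left out of the delete log so the check has something to report.

```python
"""Compare an AdwCleaner search-mode log ([R]) with a delete-mode log ([S]).

Added example, not part of the thread or of AdwCleaner. The log excerpts below
are constructed from entries quoted in the thread.
"""
import re
from typing import Dict, List, Set

# Constructed excerpt in the style of AdwCleaner[R1].txt (search mode).
SEARCH_LOG = r"""
***** [Files / Folders] *****

Folder Found : D:\Program Files\Conduit
Folder Found : D:\Program Files\Playbryte

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226
"""

# Constructed excerpt in the style of AdwCleaner[S1].txt (delete mode). The
# Browser Helper Objects key is deliberately missing so the check reports it.
DELETE_LOG = r"""
***** [Files / Folders] *****

Folder Deleted : D:\Program Files\Conduit
Folder Deleted : D:\Program Files\Playbryte

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226 --> hxxp://www.google.com
"""

ITEM_RE = re.compile(r"^(Key|Value|File|Folder) (Found|Deleted) : (.+?)\s*$")
SETTING_FOUND_RE = re.compile(r"^\[([^\]]+)\] = (\S+)\s*$")
SETTING_REPLACED_RE = re.compile(r"^Replaced : \[([^\]]+)\] = (\S+) --> (\S+)\s*$")


def _norm(target: str) -> str:
    # Windows paths and registry keys are case-insensitive, and AdwCleaner
    # itself mixes "Software" and "SOFTWARE", so compare case-folded.
    return target.strip().lower()


def parse_log(text: str) -> Dict[str, Set[str]]:
    """Split a log into what it found and what it acted on (deleted or replaced)."""
    found: Set[str] = set()
    resolved: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            kind, action, target = m.groups()
            entry = f"{kind.lower()}:{_norm(target)}"
            (found if action == "Found" else resolved).add(entry)
            continue
        m = SETTING_FOUND_RE.match(line)
        if m:
            found.add(f"setting:{_norm(m.group(1))}")
            continue
        m = SETTING_REPLACED_RE.match(line)
        if m:
            resolved.add(f"setting:{_norm(m.group(1))}")
    return {"found": found, "resolved": resolved}


def unresolved_items(search_text: str, delete_text: str) -> List[str]:
    """Items the search pass found that the delete pass neither deleted nor replaced."""
    found = parse_log(search_text)["found"]
    resolved = parse_log(delete_text)["resolved"]
    return sorted(found - resolved)


def replacement_hosts(delete_text: str) -> Dict[str, str]:
    """Host of the new value for each browser setting the delete pass rewrote,
    so a reviewer can confirm the hijacked page went back to a benign site."""
    hosts: Dict[str, str] = {}
    for raw in delete_text.splitlines():
        m = SETTING_REPLACED_RE.match(raw.strip())
        if m:
            setting, _old, new = m.groups()
            # Logs defang URLs as hxxp://; strip either scheme before taking the host.
            host = re.sub(r"^h(xx|tt)ps?://", "", new).split("/", 1)[0]
            hosts[_norm(setting)] = host.lower()
    return hosts


if __name__ == "__main__":
    for item in unresolved_items(SEARCH_LOG, DELETE_LOG):
        print("still present after delete pass:", item)
    for setting, host in replacement_hosts(DELETE_LOG).items():
        print("replaced:", setting, "->", host)
```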

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    A PUP (Potentially Unwanted Program) is a program that usually comes along as an add-on to some other software. The default is to have it install for you unless you uncheck it. Toolbars are good examples. I have some examples on my web page, link in sig. Toolbars can be resource hogs as well as have privacy concerns.
    Those 3 anti-malware programs you have installed are plenty.
    See if Spybot still flags Win32.downloader now.
    How Can I Reduce My Risk?

  9. #9
    Junior Member
    Join Date
    Mar 2013
    Posts
    8

    Default Thanks for helping me remove Win32.downloader.gen malware!

    Hey 'shelf life',

    I just ran Spybot and it did NOT find anything this time! Thanks so much!

    I have one more question, but I may have to ask ZoneAlarm. For some reason, I have not been able to run a browser with the ZoneAlarm Browser Virtualization protection "on". Supposedly, it "stops silent drive by web attacks from reaching the computer".

    Any idea why that would happen?


  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    So if it's off, your browser functions ok? Is that normally something you would toggle off and on from your browser? Did your browser look any different after you ran AdwCleaner?
    In IE, check that any browser add-ons are enabled.
    How Can I Reduce My Risk?
