
VBS:ExeDropper-gen Virus



Muzzo
2010-11-04, 17:10
Hi,

I believe my laptop has the VBS:ExeDropper-gen virus. I started noticing this the other day when desktop items started to go missing and programmes failed to open.

I ran a virus scan (Avast) and it came up with 700+ infections.

I'm really at a loss with what to do here. Any help is greatly appreciated!

Thanks in advance,
Tom



DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by Tom at 14:56:58.07 on 04/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4092.2026 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TweetDeck\TweetDeck.exe
C:\Windows\system32\taskhost.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.flashget.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,c:\program files (x86)\microsoft\watermark.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\aniviyuj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-6 53488]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-9-18 121936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/03 22:41:43];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-3 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-3 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-9-18 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-9-18 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-20 40384]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 27136]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-20 40384]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-6 172704]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-9-6 406016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-21 1255736]

=============== Created Last 30 ================

2010-11-04 14:55:06 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
2010-11-04 14:54:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-04 14:54:19 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-04 14:54:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-04 14:54:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-04 07:10:45 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{EBF08CE9-05C5-4918-8AE1-B610D93BAB95}\mpengine.dll
2010-11-03 00:15:26 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-11-03 00:15:26 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-11-02 23:49:02 144790 ----a-w- C:\Users\Tom\AppData\Local\trzC8A7.tmp
2010-11-02 23:46:14 491520 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\trz34EA.tmp
2010-11-02 23:44:25 618496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\trz8899.tmp
2010-11-02 23:44:25 421888 ----a-w- C:\Program Files (x86)\Mozilla Firefox\trz885A.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz897A.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz896A.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz8959.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz8939.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz8928.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz8908.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz88E8.tmp
2010-11-02 23:44:20 487424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\trz763E.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz972E.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz970D.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz96DE.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz96BD.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz969D.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz967D.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz962E.tmp
2010-11-02 23:36:59 -------- d-----w- C:\Program Files (x86)\windows
2010-10-28 09:27:01 -------- d-----w- C:\Windows\en
2010-10-28 09:25:12 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-28 09:24:24 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-10-28 09:24:20 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-10-28 09:24:19 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-28 09:24:19 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-28 09:24:19 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-28 09:20:29 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5c0a9b4d1cb76812e\InstallManager_WLE_WLE.exe
2010-10-28 09:20:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5274170d1cb768122\MeshBetaRemover.exe
2010-10-28 09:19:52 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\463c78411cb76811a\DSETUP.dll
2010-10-28 09:19:52 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\463c78411cb76811a\DXSETUP.exe
2010-10-28 09:19:52 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\463c78411cb76811a\dsetup32.dll
2010-10-28 09:19:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\45a084181cb768119\DSETUP.dll
2010-10-28 09:19:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\45a084181cb768119\DXSETUP.exe
2010-10-28 09:19:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\45a084181cb768119\dsetup32.dll
2010-10-28 09:19:07 -------- d-----w- C:\Users\Tom\AppData\Local\Windows Live
2010-10-28 09:18:22 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-28 09:18:22 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-28 09:18:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-28 09:18:21 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-28 09:18:21 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-28 09:18:21 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-28 09:18:20 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-27 14:33:38 -------- dc-h--w- C:\PROGRA~3\{E9952976-DD65-4512-BF1F-BD5BA8139CD6}
2010-10-27 14:33:01 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2010-10-27 14:32:54 -------- d-----w- C:\PROGRA~3\Native Instruments
2010-10-27 14:32:52 -------- dc-h--w- C:\PROGRA~3\{FB9DCDD5-FDBE-4EED-A03A-BA8F086DC950}
2010-10-27 14:32:48 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2010-10-27 14:31:38 -------- dc-h--w- C:\PROGRA~3\{1E8C7AE2-4367-4069-9771-8176841822C4}
2010-10-27 14:29:31 -------- dc-h--w- C:\PROGRA~3\{1E073424-A3F8-474B-A503-A99428594527}
2010-10-27 14:29:17 -------- dc-h--w- C:\PROGRA~3\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-10-27 14:29:13 -------- d-----w- C:\Program Files\Native Instruments
2010-10-27 09:43:45 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 09:43:45 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 09:43:45 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 09:43:45 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 09:43:45 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 09:43:45 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 09:43:45 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 09:43:38 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-20 13:41:12 38848 ----a-w- C:\Windows\avastSS.scr
2010-10-20 13:41:03 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-10-14 10:31:00 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-14 10:31:00 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-11 17:22:06 -------- d-----w- C:\Program Files (x86)\TweetDeck
2010-10-11 12:13:44 -------- d-----w- C:\Program Files (x86)\Lame for Audacity
2010-10-06 22:46:55 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2010-10-06 22:46:46 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2010-10-06 22:42:13 -------- d-----w- C:\PROGRA~3\VST3 Presets
2010-10-06 22:23:20 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2010-10-06 22:23:20 -------- d-----w- C:\PROGRA~3\Steinberg
2010-10-06 22:19:15 -------- d-----w- C:\Users\Tom\AppData\Roaming\Steinberg
2010-10-06 22:19:15 -------- d-----w- C:\Program Files (x86)\Steinberg
2010-10-06 20:58:18 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2010-10-05 21:22:39 -------- d-----w- C:\Program Files (x86)\SlySoft

==================== Find3M ====================

2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 14:58:06.08 ===============
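The log above contains the entries a helper would look at first. As an added example (not DDS code and not anything posted in this thread), the Python below parses a few lines copied from that log and flags three things: a second program listed after userinit.exe in the Winlogon Userinit value (everything in that value runs at each logon, and a default install lists only userinit.exe), UAC policies set to 0 (UAC disabled, admin actions elevated without a prompt), and clusters of same-size .tmp files created under Program Files. Function and variable names are my own.

```python
import re
from collections import Counter

# DDS line shapes: Winlogon Userinit, mPolicies-system values, "Created Last 30" rows.
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(.+)$", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S+) (.+)$")
# UAC policies that, when set to 0, disable UAC or remove its prompts.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

def check_userinit(line):
    """Programs listed after userinit.exe in the Userinit value, or None."""
    # A default install lists only userinit.exe; any extra entry runs at each logon.
    m = USERINIT_RE.match(line)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if not e.lower().endswith("userinit.exe")]
    return extra or None

def check_uac_policy(line):
    """Policy name if this line sets a UAC policy to 0, else None."""
    m = POLICY_RE.match(line)
    if m and m.group(1) in UAC_KEYS and int(m.group(2)) == 0:
        return m.group(1)
    return None

def tmp_drop(line):
    """(size, path) for a .tmp file created under Program Files, else None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    size, path = m.group(2), m.group(4)
    low = path.lower()
    if size.isdigit() and low.endswith(".tmp") and "program files" in low:
        return int(size), path
    return None

def triage(lines):
    """Run every check over DDS log lines; return (findings, tmp_drops)."""
    findings, drops, sizes = [], [], Counter()
    for raw in lines:
        line = raw.strip()
        extra = check_userinit(line)
        if extra:
            findings.append(("userinit_extra", ", ".join(extra)))
        key = check_uac_policy(line)
        if key:
            findings.append(("uac_disabled", key))
        drop = tmp_drop(line)
        if drop:
            drops.append(drop)
            sizes[drop[0]] += 1
    # Several identical-size .tmp files in plugin folders: report as one cluster.
    for size, count in sizes.items():
        if count >= 3:
            findings.append(("tmp_same_size_cluster", f"{count} files of {size} bytes"))
    return findings, drops

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE = r"""
mWinlogon: Userinit=userinit.exe,c:\program files (x86)\microsoft\watermark.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2010-11-04 14:54:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz897A.tmp
2010-11-02 23:44:25 233472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\trz896A.tmp
2010-11-02 23:43:23 233472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trz972E.tmp
2010-11-02 23:46:14 491520 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\trz34EA.tmp
2010-11-02 23:49:02 144790 ----a-w- C:\Users\Tom\AppData\Local\trzC8A7.tmp
""".strip().splitlines()
```

Calling triage(SAMPLE) on the lines above returns five findings and four .tmp drops; the checks only point at entries to review by hand, they do not decide what the flagged files are.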

Blade81
2010-11-19, 08:50
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go and uninstall the programs listed above (in red).


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy and paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Blade81
2010-11-26, 08:07
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.