HELP with "Win32.AutoRun.tmp" removal



Bullet546
2010-12-08, 08:12
OK, I can do pretty much whatever I am instructed, so any assistance is appreciated. I updated and ran Spybot Search and Destroy after my system started playing an audio file (I guess) that sounded like a news reporter doing a broadcast...??? I restarted the computer and after my wireless connected (about 2-3 min total after restart) the audio started playing again. I went into Task Manager and "ended process" on 3 processes that had no "username" or "description"; the audio instantly stopped and hasn't restarted since. That is when I decided to run some scans. I use Avira (free) antivirus, and regularly use Malwarebytes Anti-Malware and Spybot Search and Destroy to scan for issues.
ANYWAY, Spybot found "Win32.AutoRun.tmp" and was unable to remove it. I have downloaded Spybot RunAnalyzer and, as a safernetworking forum instructed, I located the registry value "Taskman" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"; however, I was not able to delete it as instructed. The program would not allow me to "delete" it via the button on the toolbar of the program because "Delete" was greyed out. I was also unable to check or uncheck any selections with RunAnalyzer.
SO I have included below the DDS Log and am asking for any help you can provide. I run no P2P, and Malwarebytes and Spybot programs only run when opened manually. My computer is just a few weeks old, it runs well and is still fast and running as it has since I first got it, so I can tell. Want to get a handle on this before it really affects my system. A restore is a last option because I have installed several commonly utilized programs and several hundred GB of media.

Thanks in advance,


LOG

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by BULLET at 0:47:41.88 on Wed 12/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4057.2408 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Windows\SysWOW64\regedit.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\BULLET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BGW1RKD\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BULLET\AppData\Roaming\Mozilla\Firefox\Profiles\oa6dsz3o.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-17 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-17 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-17 83120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-20 1255736]

=============== Created Last 30 ================

2010-12-08 04:41:45 -------- d-----w- C:\Program Files (x86)\Safer Networking
2010-12-08 00:46:17 251392 ----a-w- C:\Windows\Bdoveb.exe
2010-12-08 00:04:42 251392 ----a-w- C:\Windows\Bdovea.exe
2010-12-07 23:43:25 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-07 23:41:01 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-07 23:40:55 588096 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-07 14:52:24 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A6C8182B-DB2B-4B34-B31A-5A6BBD20EA41}\mpengine.dll
2010-11-30 22:22:05 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2010-11-29 18:47:30 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-11-29 02:48:57 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2010-11-28 22:07:29 -------- d-----w- C:\Program Files (x86)\Astonsoft
2010-11-28 22:04:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-28 21:52:23 -------- d-----w- C:\Users\BULLET\AppData\Roaming\Canneverbe Limited
2010-11-28 21:52:23 -------- d-----w- C:\PROGRA~3\Canneverbe Limited
2010-11-24 04:27:45 -------- d-----w- C:\Users\BULLET\AppData\Local\Microsoft Games
2010-11-23 22:41:52 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 22:41:52 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 12:01:27 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-23 12:01:14 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-23 12:00:59 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-23 12:00:56 588096 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-23 11:10:52 -------- d-----w- C:\PROGRA~3\SSScanWizard
2010-11-23 11:10:52 -------- d-----w- C:\PROGRA~3\SSScanAppDataDir
2010-11-23 11:10:47 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2010-11-23 11:10:46 -------- d-----w- C:\Windows\SysWow64\Spool
2010-11-23 11:10:37 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft
2010-11-23 11:10:30 -------- d-----w- C:\Program Files (x86)\ScanSoft
2010-11-23 11:09:12 221184 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-11-23 11:09:11 598016 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2010-11-23 11:09:11 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2010-11-23 11:09:11 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2010-11-23 11:09:11 217088 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2010-11-23 11:09:11 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2010-11-23 11:09:10 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2010-11-21 03:13:02 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
2010-11-21 03:13:00 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2010-11-21 03:13:00 217088 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2010-11-21 03:13:00 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2010-11-21 03:12:59 790528 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-11-21 03:12:59 134144 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2010-11-21 03:12:59 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-11-21 03:12:56 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-11-21 03:02:49 -------- d-----w- C:\Users\BULLET\AppData\Local\Apple Computer
2010-11-21 03:02:39 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-11-21 03:02:39 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-11-21 03:02:39 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-11-21 03:02:28 -------- d-----w- C:\Program Files\iPod
2010-11-21 03:02:27 -------- d-----w- C:\Program Files\iTunes
2010-11-21 03:02:27 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-21 03:02:27 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-21 02:14:46 -------- d-----w- C:\Users\BULLET\AppData\Roaming\AnvSoft
2010-11-21 02:14:42 -------- d-----w- C:\Program Files (x86)\AnvSoft
2010-11-20 06:05:00 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-20 06:05:00 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-20 06:03:17 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-11-20 06:03:17 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2010-11-20 06:02:29 -------- d-----w- C:\PROGRA~3\vsosdk
2010-11-20 05:55:59 -------- d-----w- C:\Windows\en
2010-11-20 05:43:00 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-20 05:43:00 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-20 05:43:00 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-20 05:43:00 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-20 05:42:59 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c2e3e31cb887502\DSETUP.dll
2010-11-20 05:42:59 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c2e3e31cb887502\DXSETUP.exe
2010-11-20 05:42:59 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c2e3e31cb887502\dsetup32.dll
2010-11-20 05:42:33 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-20 05:42:33 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-20 05:42:31 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8834b471cb887501\DXSETUP.exe
2010-11-20 05:42:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8834b471cb887501\dsetup32.dll
2010-11-20 05:42:30 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8834b471cb887501\DSETUP.dll
2010-11-20 05:38:55 -------- d-----w- C:\Users\BULLET\AppData\Local\Windows Live
2010-11-20 05:38:54 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-20 05:38:11 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-20 05:38:11 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-20 05:38:11 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-20 05:38:11 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-20 05:38:10 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-20 05:38:10 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-20 05:38:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-20 05:18:57 -------- d-----w- C:\Windows\SysWow64\Wat
2010-11-20 05:18:57 -------- d-----w- C:\Windows\System32\Wat
2010-11-20 05:01:20 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-19 14:45:17 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-19 14:45:17 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-19 14:45:17 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-19 14:45:17 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-19 14:45:17 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-19 14:45:17 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-19 14:45:17 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-19 14:45:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-19 14:45:17 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-19 14:45:17 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-19 14:37:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2010-11-19 14:36:54 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-19 14:36:54 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-11-19 04:23:51 -------- d-----w- C:\Users\BULLET\AppData\Roaming\MoveFab
2010-11-19 04:22:39 -------- d-----w- C:\Program Files (x86)\DVDFab 8
2010-11-19 01:56:14 -------- d-----w- C:\Program Files (x86)\Elf Bowling The Last Insult
2010-11-19 01:30:56 99384 ----a-w- C:\Users\BULLET\AppData\Roaming\inst.exe
2010-11-19 01:30:56 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-11-19 01:30:56 82816 ----a-w- C:\Users\BULLET\AppData\Roaming\pcouffin.sys
2010-11-18 21:30:44 -------- d-----w- C:\Users\BULLET\AppData\Local\Mozilla
2010-11-18 13:22:54 85504 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2010-11-18 13:20:59 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-11-18 13:19:41 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-18 13:14:06 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-11-18 13:14:06 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-11-18 13:14:05 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-18 13:14:02 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-11-18 13:14:02 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-11-18 13:14:02 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-11-18 13:14:02 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-11-18 13:12:43 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-11-18 13:12:43 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-11-18 13:12:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-18 13:12:43 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-18 13:12:33 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-18 13:12:33 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-18 13:12:33 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-18 13:12:32 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-18 13:12:32 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-18 13:12:02 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-18 04:14:01 -------- d-----w- C:\Users\BULLET\AppData\Roaming\Avira
2010-11-18 04:13:30 -------- d-----w- C:\Users\BULLET\AppData\Local\Adobe
2010-11-18 04:06:03 -------- d-----w- C:\Program Files (x86)\DVD Shrink
2010-11-18 04:00:24 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2010-11-18 04:00:04 -------- d-----w- C:\Windows\PCHEALTH
2010-11-18 04:00:04 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-18 03:57:27 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-11-18 03:56:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-11-18 03:56:26 -------- d-----w- C:\Users\BULLET\AppData\Local\Microsoft Help
2010-11-18 00:59:28 -------- d-----w- C:\Users\BULLET\AppData\Roaming\Malwarebytes
2010-11-18 00:59:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-18 00:59:20 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-18 00:59:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-18 00:59:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-18 00:49:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-18 00:49:05 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-18 00:42:37 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2010-11-18 00:31:50 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-18 00:31:49 -------- d-----w- C:\Program Files (x86)\Avira
2010-11-18 00:31:49 -------- d-----w- C:\PROGRA~3\Avira
2010-11-18 00:28:59 -------- d-sh--w- C:\Windows\Installer
2010-11-18 00:18:47 -------- d-----w- C:\Program Files\CCleaner
2010-11-18 00:16:58 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-17 22:45:54 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-17 22:45:54 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-17 22:45:53 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-17 22:45:53 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-17 22:35:18 -------- d-----w- C:\Windows\Panther
2010-11-17 22:23:45 -------- d-----w- C:\Windows.old
2010-11-09 22:56:02 -------- d-----w- C:\Intel
2010-11-09 22:47:11 -------- d-----w- C:\dell
2010-11-09 22:27:12 -------- d-sh--w- C:\Recovery

==================== Find3M ====================

2010-10-07 17:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
2010-10-07 17:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2010-10-07 17:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-10-07 17:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-10-07 17:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-10-07 17:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2010-10-07 17:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2010-09-23 05:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

============= FINISH: 0:48:19.58 ===============

Blade81
2010-12-18, 10:47
Hi,

If help is still needed, post fresh DDS logs. Also, update Spybot and run a new scan with it.

Blade81
2010-12-23, 07:53
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.