PDA

View Full Version : Win32.autorun.tmp


Gilbert Beilschmidt
2010-12-25, 20:40
sorry about the post in the waiting room. I didn't look at the details...ehehe :laugh:

MY DDS LOG:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by James Luong at 12:34:14.73 on Sat 12/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.418 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Windows\regedit.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\Users\James Luong\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\JAMESL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tdameritrade.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\JAMESL~1\AppData\Roaming\Mozilla\Firefox\Profiles\h0ydli7i.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-24 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-24 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-24 61008]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-6-1 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-6-1 188928]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-6-1 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]

=============== Created Last 30 ================

2010-12-25 17:48:55 -------- d-----w- C:\Program Files (x86)\Safer Networking
2010-12-25 16:01:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-25 16:01:26 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-25 15:42:51 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{43CC8334-44DE-4353-92C6-10E8C3EFB88B}\mpengine.dll
2010-12-24 16:51:59 61008 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2010-12-24 16:51:56 38848 ----a-w- C:\windows\avastSS.scr
2010-12-24 16:21:04 -------- d-----w- C:\PROGRA~3\MFAData
2010-12-23 02:20:04 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\Gamers Digital
2010-12-23 02:20:04 -------- d-----w- C:\PROGRA~3\Gamers Digital
2010-12-19 16:48:30 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2010-12-19 14:39:41 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-19 14:14:19 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\Malwarebytes
2010-12-19 14:14:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-19 14:14:02 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-12-19 14:14:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-18 23:01:39 306648 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys
2010-12-18 23:01:39 133072 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys
2010-12-18 23:01:19 233488 ----a-w- C:\windows\System32\drivers\PCTCore64.sys
2010-12-18 23:01:07 92896 ----a-w- C:\windows\System32\drivers\pctplsg64.sys
2010-12-18 23:00:45 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\PC Tools
2010-12-18 23:00:45 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-12-18 23:00:45 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-12-18 23:00:45 -------- d-----w- C:\PROGRA~3\PC Tools
2010-12-18 20:42:27 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\B1E596F274D52F71109A8CB326949B7E
2010-12-18 01:04:18 -------- d-----w- C:\Users\JAMESL~1\AppData\Local\Mozilla
2010-12-15 02:19:02 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-12-15 02:19:01 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-12-15 02:19:01 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-12-15 02:19:01 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-12-15 02:19:01 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-12-15 02:19:01 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-12-15 02:19:00 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-12-15 02:19:00 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-12-15 02:19:00 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-12-15 02:19:00 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-12-15 02:18:15 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-12-15 02:18:15 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2010-12-15 02:18:14 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-12-15 02:18:14 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-12-15 02:18:09 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-12-15 02:17:49 395776 ----a-w- C:\windows\System32\webio.dll
2010-12-15 02:17:49 314368 ----a-w- C:\windows\SysWow64\webio.dll
2010-12-15 02:13:29 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-15 02:13:29 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-15 02:13:29 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-15 02:13:11 112000 ----a-w- C:\windows\System32\consent.exe
2010-12-06 00:56:16 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\Gogii
2010-12-05 21:39:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-05 21:39:13 -------- d-----w- C:\Program Files\DivX
2010-12-05 21:38:26 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2010-12-05 21:29:35 -------- d-----w- C:\Program Files (x86)\DivX
2010-12-05 21:28:50 -------- d-----w- C:\PROGRA~3\DivX
2010-12-05 14:32:50 -------- d-----w- C:\AMD
2010-12-05 13:55:28 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2010-12-04 14:37:26 3850760 ----a-w- C:\windows\SysWow64\D3DX9_38.dll
2010-12-04 14:36:19 -------- d-----w- C:\windows\SysWow64\AGEIA
2010-12-04 14:36:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-12-04 14:00:40 -------- d-----w- C:\Program Files (x86)\WildGames
2010-12-04 13:40:07 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2010-11-30 22:59:35 -------- d-----w- C:\Users\JAMESL~1\AppData\Roaming\HdO Adventure
2010-11-27 19:02:00 -------- d-----w- C:\PROGRA~3\Symantec
2010-11-26 14:42:54 -------- d-----w- C:\Users\JAMESL~1\AppData\Local\CAPCOM
2010-11-26 14:41:08 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2010-11-26 14:28:29 489480 ----a-w- C:\windows\System32\XAudio2_0.dll
2010-11-26 14:28:29 479752 ----a-w- C:\windows\SysWow64\XAudio2_0.dll
2010-11-26 14:28:26 238088 ----a-w- C:\windows\SysWow64\xactengine3_0.dll
2010-11-26 14:28:26 177672 ----a-w- C:\windows\System32\xactengine3_0.dll
2010-11-26 14:28:23 28168 ----a-w- C:\windows\System32\X3DAudio1_3.dll
2010-11-26 14:28:23 25608 ----a-w- C:\windows\SysWow64\X3DAudio1_3.dll
2010-11-26 14:28:22 529424 ----a-w- C:\windows\System32\d3dx10_37.dll
2010-11-26 14:28:22 1860120 ----a-w- C:\windows\System32\D3DCompiler_37.dll
2010-11-26 14:27:57 462864 ----a-w- C:\windows\SysWow64\d3dx10_37.dll
2010-11-26 14:27:57 1420824 ----a-w- C:\windows\SysWow64\D3DCompiler_37.dll
2010-11-26 14:27:37 4910088 ----a-w- C:\windows\System32\D3DX9_37.dll
2010-11-26 14:26:36 3786760 ----a-w- C:\windows\SysWow64\D3DX9_37.dll
2010-11-26 13:45:23 -------- d-----w- C:\PROGRA~3\BC Soft Games
2010-11-26 13:44:30 -------- d-----w- C:\Program Files (x86)\CAPCOM
2010-11-25 23:26:59 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-25 23:26:59 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-11-11 22:20:47 314016 ----a-w- C:\windows\System32\drivers\atksgt.sys
2010-11-11 22:20:46 43680 ----a-w- C:\windows\System32\drivers\lirsgt.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-01 10:05:33 1176 ----a-w- C:\windows\SysWow64\ealregsnapshot1.reg
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-10-19 16:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe

============= FINISH: 12:38:00.78 ===============
ken545
2010-12-31, 17:52
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Open Malwarebytes and go to the Log tab, open the log that removed this virus and copy and paste in into this thread for me to see.
ken545
2011-01-05, 13:57
Still need help ??
ken545
2011-01-07, 21:51
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened.

At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been

requested in the closed topic, you would be starting fresh.