Infected



heynetboy
2011-06-14, 06:14
I have been infected by Windows 7 Recovery. It has placed a red circle with a white X in it on my desktop. It doesn't run all of the time but pops up every now and then. Here is my DDS file.

Thanks,

Walter

DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by wally at 22:06:23 on 2011-06-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2871.1596 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\system32\lxdqcoms.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0444z145a4402y271
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0444z145a4402y271
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\wally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - C:\Users\wally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to Mp3 Converter - C:\Users\wally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1 24.220.0.10 24.220.0.11
TCP: Interfaces\{9EF1DB85-9CD3-470F-A5C6-396EF645ACF6} : DhcpNameServer = 216.16.0.2 216.16.0.4
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53} : DhcpNameServer = 192.168.1.1 24.220.0.10 24.220.0.11
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\458656C4F64676560353 : DhcpNameServer = 192.168.30.1
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-12-17 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 lxdq_device;lxdq_device;C:\Windows\system32\lxdqcoms.exe -service --> C:\Windows\system32\lxdqcoms.exe -service [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-3 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-17 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 135664]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdqserv.exe [2008-2-27 29184]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-17 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-14 02:49:39 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2738762C-C5D6-4D4B-A15F-49391982A355}\mpengine.dll
2011-06-14 02:31:37 98816 ----a-w- C:\Windows\sed.exe
2011-06-14 02:31:37 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-14 02:31:37 256512 ----a-w- C:\Windows\PEV.exe
2011-06-14 02:31:37 208896 ----a-w- C:\Windows\MBR.exe
2011-06-14 02:31:30 -------- d-s---w- C:\ComboFix
2011-06-14 01:58:22 -------- d-----w- C:\Users\wally\AppData\Local\{2A406D9C-D0D4-451D-9001-A493A32D84AF}
2011-06-14 01:50:51 -------- d-----w- C:\ProgramData\PC Tools
2011-06-13 23:47:24 -------- d-----w- C:\Users\wally\AppData\Local\{3E2818BD-97D8-4AE2-9E2A-2E07B5B8E14E}
2011-06-13 02:34:29 -------- d-----w- C:\Users\wally\AppData\Local\{EF5EC546-59EE-4506-B2B0-C0D0FFB2E16F}
2011-06-12 13:25:54 -------- d-----w- C:\Users\wally\AppData\Local\{757B1924-BEE8-4597-B9D1-CE9BFFE9E7BD}
2011-06-12 01:18:22 -------- d-----w- C:\Users\wally\AppData\Local\{F6DD2A68-6B5F-489A-BC62-4009F99F1D1C}
2011-06-11 13:17:55 -------- d-----w- C:\Users\wally\AppData\Local\{5256EF65-BCEE-4830-9671-CE7F6751176A}
2011-06-11 00:51:12 -------- d-----w- C:\Users\wally\AppData\Local\{7DF03C23-E127-4B01-A4E8-F20BA28D5666}
2011-06-10 11:36:27 -------- d-----w- C:\Users\wally\AppData\Local\{6BED000B-23B9-46A7-9B75-F06516177B4F}
2011-06-09 23:05:34 -------- d-----w- C:\Users\wally\AppData\Local\{7F9E5EDA-C792-45A1-83CF-970BC0863655}
2011-06-09 11:45:11 -------- d-----w- C:\Users\wally\AppData\Local\{131159BE-6B35-45C8-885B-6CA8932DD4C9}
2011-06-08 23:38:32 -------- d-----w- C:\Users\wally\AppData\Local\{93ED37ED-8D42-43F7-B9F4-93028648F032}
2011-06-08 11:36:55 -------- d-----w- C:\Users\wally\AppData\Local\{937119D6-B4BC-4C86-BD76-0422594BADA6}
2011-06-08 06:29:04 47952 ----a-w- C:\Windows\System32\drivers\ihvheouq.sys
2011-06-08 02:10:29 -------- d-----w- C:\Program Files (x86)\Sony Media Go Install
2011-06-07 23:10:20 -------- d-----w- C:\Users\wally\AppData\Local\{D5E9B6B4-F97E-4DC1-ABCA-8512416E680C}
2011-06-07 00:48:15 -------- d-----w- C:\Users\wally\AppData\Local\{BDAE1C5F-9826-4DFB-AE10-9B54A81E4AD9}
2011-06-06 11:52:16 -------- d-----w- C:\Users\wally\AppData\Local\{D72B4C90-AA45-47FD-9E94-D9C170D46097}
2011-06-05 17:36:53 -------- d-----w- C:\Users\wally\AppData\Local\{0F7496ED-3906-4358-9F70-62B5E99ACF6C}
2011-06-05 00:24:41 -------- d-----w- C:\Users\wally\AppData\Local\{5E6C6187-85D7-4DFE-8CE2-2BBB4CE0705B}
2011-06-04 11:38:21 -------- d-----w- C:\Users\wally\AppData\Local\{0BE9F4D5-4D86-4009-9FE6-7C50F0B05EFF}
2011-06-03 23:37:56 -------- d-----w- C:\Users\wally\AppData\Local\{CF5F8118-A9C5-4F60-A294-01223D3DFDD7}
2011-06-03 11:11:24 -------- d-----w- C:\Users\wally\AppData\Local\{80D8798C-82E4-493A-A0A7-8849D5E98809}
2011-06-02 23:10:59 -------- d-----w- C:\Users\wally\AppData\Local\{46AFA531-5C99-4659-BC9A-83138A3F9B12}
2011-06-01 23:45:17 -------- d-----w- C:\Users\wally\AppData\Local\{0FE739A3-71E5-4913-AE30-60947BAF94DC}
2011-06-01 11:44:50 -------- d-----w- C:\Users\wally\AppData\Local\{D4F3DD75-C0DC-402B-AAC3-D23E59346A23}
2011-05-31 23:17:17 -------- d-----w- C:\Users\wally\AppData\Local\{5669A6A6-4BCB-42B7-A365-5C8B980F69D5}
2011-05-31 00:34:28 -------- d-----w- C:\Users\wally\AppData\Local\{646D9FEC-6B48-4374-9F59-01F2114F5BBF}
2011-05-30 11:40:19 -------- d-----w- C:\Users\wally\AppData\Local\{45C9E22F-D1B7-4A5C-8F23-02B0D4C6C731}
2011-05-29 16:28:18 -------- d-----w- C:\Users\wally\AppData\Local\{7EF6CAF4-5F27-49BF-A9D6-5B3DA7249A55}
2011-05-29 04:27:54 -------- d-----w- C:\Users\wally\AppData\Local\{1391216B-77A9-4A31-8AA8-B0AADF044E9D}
2011-05-28 14:30:06 -------- d-----w- C:\Users\wally\AppData\Local\{A5DF2A06-BE9F-4F31-BDA1-D15AA39CA454}
2011-05-28 01:36:23 -------- d-----w- C:\Users\wally\AppData\Local\{E11089FE-C8EC-42C8-B294-2931EE3E798A}
2011-05-27 11:30:53 -------- d-----w- C:\Users\wally\AppData\Local\{D6A629FC-0887-4913-AD64-9B736BA1C866}
2011-05-26 23:03:10 -------- d-----w- C:\Users\wally\AppData\Local\{41F1F1E2-42C6-48E2-89E7-C4A8B4AD8542}
2011-05-26 01:03:41 -------- d-----w- C:\Users\wally\AppData\Local\{E0D75316-863A-4DB8-8CCD-066CD4AF6E6A}
2011-05-25 11:54:58 -------- d-----w- C:\Users\wally\AppData\Local\{71F65953-F2C1-4CFF-B8FF-02F34BEFEAC8}
2011-05-25 07:06:15 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 23:54:33 -------- d-----w- C:\Users\wally\AppData\Local\{3A27D46E-07B4-4E20-ACD2-C1AF7F28BE38}
2011-05-24 11:54:09 -------- d-----w- C:\Users\wally\AppData\Local\{E19BCC3D-B104-44AC-853A-3C4C6ACAEEDA}
2011-05-23 16:31:35 -------- d-----w- C:\Users\wally\AppData\Local\{7396BF2C-B88F-4CFE-9914-4583970757AE}
2011-05-23 02:14:12 -------- d-----w- C:\Users\wally\AppData\Local\{58C60F9B-502B-4FBA-9C04-0E4D41D01876}
2011-05-22 13:31:32 -------- d-----w- C:\Users\wally\AppData\Local\{D3858F67-9D0F-4B7F-9B4E-C06C4B14A588}
2011-05-22 00:31:55 -------- d-----w- C:\Users\wally\AppData\Local\{EE342964-C438-47EE-B862-9E466BDA4705}
2011-05-21 12:25:09 -------- d-----w- C:\Users\wally\AppData\Local\{7603A45C-4D75-4824-B205-9C1AC0038DB9}
2011-05-20 23:27:28 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0064FE77-8E0A-4D8F-9562-D13D8B6CBE44}\gapaengine.dll
2011-05-20 23:15:24 -------- d-----w- C:\Users\wally\AppData\Local\{A7E7FCAA-44AA-4438-8DE5-1E77C6B501EC}
2011-05-20 11:15:00 -------- d-----w- C:\Users\wally\AppData\Local\{20514F41-EB2E-4E7C-93FE-9DF7CCE69BCF}
2011-05-19 23:14:36 -------- d-----w- C:\Users\wally\AppData\Local\{33B394BD-E64D-486B-9A6C-3201AD5ABC35}
2011-05-18 23:57:25 -------- d-----w- C:\Users\wally\AppData\Local\{D68D4889-CC82-4C01-949F-BB2924525F7A}
2011-05-18 11:16:28 -------- d-----w- C:\Users\wally\AppData\Local\{82440965-EF23-49AE-8F44-C94D9555DA3D}
2011-05-17 23:04:41 -------- d-----w- C:\Users\wally\AppData\Local\{881BA1B2-3B70-4092-A1F6-2261312262C6}
2011-05-17 12:28:58 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 12:28:57 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-17 00:43:21 -------- d-----w- C:\Users\wally\AppData\Local\{DEF07E47-E543-4006-940A-669D0DC81CF3}
2011-05-16 11:48:22 -------- d-----w- C:\Users\wally\AppData\Local\{42DB8E15-C5B7-4C04-95F0-297F0635F39D}
2011-05-16 00:48:04 -------- d-----w- C:\Users\wally\AppData\Roaming\uTorrent
2011-05-15 15:24:08 -------- d-----w- C:\Users\wally\AppData\Local\{D1C43EA3-7E33-4010-85E4-DF3EB8E77031}
2011-05-15 03:23:42 -------- d-----w- C:\Users\wally\AppData\Local\{75D9E891-ACA0-4BEE-A5BF-38CDF94E578F}
.
==================== Find3M ====================
.
2011-05-01 05:23:43 756596 ----a-w- C:\ProgramData\SPL5D30.tmp
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-03-18 18:32:10 71072 ----a-w- C:\Windows\CouponPrinter.ocx
.
============= FINISH: 22:10:08.41 ===============
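As an added example (not part of the original thread and not code from the DDS tool), here is a small Python triage script for the two DDS sections a helper reads first: "Created Last 30" and "SERVICES / DRIVERS". The sample lines are copied from the log above; the three heuristics (a newly created .sys file under \drivers\ with no matching service or driver entry, an executable-type file dropped into a user-writable directory, and a burst of files created within the same minute) are my own assumptions about what is worth queuing for review, not findings about this machine.

```python
import re
from collections import defaultdict

# One DDS "Created Last 30" / "Find3M" line:
#   <date> <time> <size or -------->  <attr flags>  <path>
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

# One DDS SERVICES / DRIVERS line:
#   <state> <service name>;<display name>;<image path> [date size] or "path --> path [?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$"
)

# Sample input: lines copied verbatim from the DDS log posted above.
SAMPLE_CREATED = r"""
2011-06-14 02:31:37 208896 ----a-w- C:\Windows\MBR.exe
2011-06-14 02:31:30 -------- d-s---w- C:\ComboFix
2011-06-08 06:29:04 47952 ----a-w- C:\Windows\System32\drivers\ihvheouq.sys
2011-06-08 02:10:29 -------- d-----w- C:\Program Files (x86)\Sony Media Go Install
2011-05-25 07:06:15 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-16 00:48:04 -------- d-----w- C:\Users\wally\AppData\Roaming\uTorrent
2011-05-01 05:23:43 756596 ----a-w- C:\ProgramData\SPL5D30.tmp
"""

SAMPLE_SERVICES = r"""
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-17 225280]
"""

# Heuristic thresholds (assumptions, not DDS conventions).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".tmp")


def parse_created(text):
    """Parse 'Created Last 30' style lines into dicts; skips lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"].startswith("d")   # DDS marks directories with a leading 'd'
            entries.append(e)
    return entries


def parse_service_images(text):
    """Lower-cased basenames of every .sys/.exe referenced by a service/driver entry."""
    names = set()
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # The image field may hold "path --> path [?]" or "path [date size]"; take each binary token.
        for tok in re.findall(r"[^\s;]+\.(?:sys|exe)", m.group("image"), flags=re.I):
            names.add(tok.rsplit("\\", 1)[-1].lower())
    return names


def orphan_drivers(created, service_names):
    """Newly created .sys files under \\drivers\\ that no service/driver entry points at."""
    hits = []
    for e in created:
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(".sys") or "\\drivers\\" not in p:
            continue
        if p.rsplit("\\", 1)[-1] not in service_names:
            hits.append(e)
    return hits


def suspicious_user_paths(created):
    """Executable-type files created under user-writable locations."""
    return [
        e for e in created
        if not e["is_dir"]
        and e["path"].lower().endswith(EXEC_EXT)
        and any(k in e["path"].lower() for k in USER_WRITABLE)
    ]


def bursts(created, min_size=2):
    """Group creations by minute; a burst usually means one installer or tool dropped them together."""
    by_minute = defaultdict(list)
    for e in created:
        by_minute[e["date"] + " " + e["time"][:5]].append(e["path"])
    return {k: v for k, v in by_minute.items() if len(v) >= min_size}


if __name__ == "__main__":
    created = parse_created(SAMPLE_CREATED)
    svc = parse_service_images(SAMPLE_SERVICES)
    for e in orphan_drivers(created, svc):
        print("review: driver without service entry:", e["path"])
    for e in suspicious_user_paths(created):
        print("review: executable in user-writable path:", e["path"])
    for minute, paths in bursts(created).items():
        print("burst at", minute, "->", paths)
```

On the sample, the orphan check returns both ihvheouq.sys and Diskdump.sys, because a driver the kernel loads without a service entry lands on the list just as a randomly named one does; the output is a review queue for the helper, not a verdict. The burst check groups MBR.exe with the C:\ComboFix directory created in the same minute, which is how you separate files written by the cleanup tools the poster already ran from files written by whatever they are trying to remove.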

Blade81
2011-06-23, 19:08
If help is still needed, post fresh DDS logs (both dds.txt and attach.txt contents).

Blade81
2011-06-29, 12:13
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.