Malware "removed" keeps coming back.



Disyute
2013-01-11, 06:16
Hello, good night. I recently bought this laptop (about two weeks ago). I installed Spybot S&D 2.0 (the one with the new layout) and AVG and decided to run a scan on both. The AVG scan came up with nothing, but Spybot came up with like 6 infections, like four level 5's and some level 1's. One of the level 5's was 'Macromedia.flashplayer.cookies' or something to that effect, so I fixed the problems as administrator, then ran a rescan and ended up finding more infections. I would like some assistance to find out what exactly is causing this and if these level 5 infections are serious and can steal my passwords and things of that nature :) Thank you in advance.

Here is my dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Jevonne at 22:35:17 on 2013-01-10
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5594.1785 [GMT -8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jevonne\AppData\Local\Apps\2.0\XD5QP6LD.HNH\3H1YMHKE.5MZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files (x86)\World of Warcraft\Wow-64.exe
C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=HPNTDFJS
uDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Jevonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12} : DHCPNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\05C6F6F63786 : DHCPNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\3416D60796F6E6F584F6473507F647 : DHCPNameServer = 172.16.22.2
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\45D4162747 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\D202D456E647F63702D2 : DHCPNameServer = 8.8.4.4 173.255.240.156
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
x64-mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jevonne\AppData\Roaming\Mozilla\Firefox\Profiles\5jdzhsp9.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - ExtSQL: 2013-01-08 16:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-17 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-17 199008]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-6 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-6 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-6 168384]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-8-18 28160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-17 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-17 690832]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-17 41272]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-17 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-17 43832]
.
=============== Created Last 30 ================
.
2013-01-10 04:46:53 -------- d-----w- C:\Program Files (x86)\InstantStorm
2013-01-09 05:10:41 -------- d-----w- C:\Users\Jevonne\AppData\Local\Mozilla
2013-01-09 05:05:47 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-01-09 05:05:47 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-01-09 05:05:12 2361344 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 05:05:12 1836032 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 05:05:11 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2013-01-09 05:05:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-01-09 05:05:11 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2013-01-09 05:05:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-01-09 05:05:11 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 05:05:11 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 05:05:10 4056064 ----a-w- C:\Windows\System32\win32k.sys
2013-01-07 12:31:49 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\WildTangent
2013-01-07 02:05:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\HP
2013-01-06 21:08:40 -------- d-----w- C:\Users\Jevonne\AppData\Local\CrashDumps
2013-01-06 21:00:06 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-01-06 20:06:49 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-01-06 20:06:49 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-01-06 20:06:49 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-01-06 20:06:15 -------- d-----w- C:\ProgramData\Battle.net
2013-01-06 20:05:10 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\LolClient
2013-01-06 20:04:36 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-01-06 20:04:36 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-01-06 20:04:36 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-01-06 20:04:36 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-01-06 20:04:35 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-01-06 19:55:18 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\AVG2013
2013-01-06 19:52:08 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\hpqlog
2013-01-06 19:52:05 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\TuneUp Software
2013-01-06 19:49:40 -------- d-----w- C:\ProgramData\AVG2013
2013-01-06 19:49:00 -------- d-----w- C:\Program Files (x86)\AVG
2013-01-06 19:38:43 -------- d--h--w- C:\ProgramData\Common Files
2013-01-06 19:38:43 -------- d-----w- C:\Users\Jevonne\AppData\Local\MFAData
2013-01-06 19:38:43 -------- d-----w- C:\Users\Jevonne\AppData\Local\Avg2013
2013-01-06 19:38:43 -------- d-----w- C:\ProgramData\MFAData
2013-01-06 19:28:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\Google
2013-01-06 19:26:54 -------- d-----r- C:\Program Files (x86)\Skype
2013-01-06 19:22:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-06 19:22:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-06 19:22:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-06 19:22:01 -------- d-----w- C:\Users\Jevonne\AppData\Local\Programs
2013-01-06 19:18:59 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-01-06 19:18:59 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-01-06 19:18:36 -------- d-----w- C:\ProgramData\TrueSuite
2013-01-06 19:18:01 -------- d-----w- C:\Users\Jevonne\AppData\Local\PMB Files
2013-01-06 19:17:59 -------- d-----w- C:\ProgramData\PMB Files
2013-01-06 19:17:45 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-01-06 19:16:42 -------- d-----w- C:\Users\Jevonne\AppData\Local\Deployment
2013-01-06 19:12:27 -------- d-----w- C:\Users\Jevonne\AppData\Local\AMD
2013-01-06 19:12:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\ATI
2013-01-06 19:10:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\Apps
2013-01-06 19:10:50 -------- d-----r- C:\Users\Jevonne\Searches
2013-01-06 19:10:17 -------- d-----w- C:\Users\Jevonne\AppData\Local\Hewlett-Packard
2013-01-06 19:09:31 -------- d-----w- C:\Users\Jevonne\AppData\Local\Power2Go8
2013-01-06 19:09:24 -------- d-----w- C:\Users\Jevonne\AppData\Local\AuthenTec
2013-01-06 19:09:09 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\Synaptics
2013-01-06 19:08:50 -------- d-----w- C:\Users\Jevonne\AppData\Local\VirtualStore
2013-01-06 13:22:54 945152 ----a-w- C:\Windows\System32\resetengmig.dll
2013-01-06 13:22:54 443392 ----a-w- C:\Windows\System32\ReAgent.dll
2013-01-06 13:22:54 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-01-06 13:22:54 132096 ----a-w- C:\Windows\System32\sysreset.exe
2013-01-06 13:22:54 1009664 ----a-w- C:\Windows\System32\reseteng.dll
2013-01-06 13:20:04 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-01-06 13:20:02 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-01-06 13:20:01 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-01-06 13:20:01 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-01-06 13:20:01 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-01-06 13:20:01 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-01-06 13:16:11 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-06 13:16:11 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-06 13:16:00 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-01-06 13:16:00 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-01-06 13:16:00 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-01-06 13:13:40 94208 ----a-w- C:\Windows\System32\synceng.dll
2013-01-06 13:13:40 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-01-06 13:10:20 -------- d--h--w- C:\Users\Jevonne\AppData
2013-01-06 13:10:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\Temp
2013-01-06 13:10:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\Microsoft
2013-01-06 13:02:13 -------- d-----w- C:\Windows.old
2013-01-06 12:30:52 -------- d--h--w- C:\$SysReset
2013-01-06 12:02:00 -------- d-----w- C:\669865e116118ef708535d3e35dd63
2012-12-28 08:00:40 -------- d--h--w- C:\$AVG
2012-12-27 09:34:08 -------- d-----w- C:\Riot Games
2012-12-27 08:28:04 -------- d-----w- C:\Users\Jevonne\.swt
2012-12-27 07:38:33 -------- d-----r- C:\Users\Jevonne\Contacts
2012-12-27 07:34:44 -------- d-----w- C:\Users\Jevonne\AppData\Local\Packages
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Videos
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Saved Games
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Pictures
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Music
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Links
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Downloads
2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Documents
2012-12-13 22:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-12-18 23:32:58 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 23:32:58 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-27 07:36:16 208736 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
2012-11-16 07:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-11-03 05:26:40 34816 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-03 05:26:12 32256 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhupnp.dll
2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhpast.dll
2012-11-03 05:24:34 58880 ----a-w- C:\Windows\SysWow64\dpnathlp.dll
2012-11-03 05:24:34 375808 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-03 05:24:11 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
2012-11-03 05:24:11 9216 ----a-w- C:\Windows\System32\dpnhpast.dll
2012-11-03 05:24:11 67584 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-03 05:24:11 463872 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-03 05:04:21 4096 ----a-w- C:\Windows\System32\dpnlobby.dll
2012-11-03 05:04:19 3584 ----a-w- C:\Windows\System32\dpnaddr.dll
2012-11-03 05:00:54 3072 ----a-w- C:\Windows\SysWow64\dpnlobby.dll
2012-11-03 05:00:53 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2012-10-26 12:17:44 20912 ----a-w- C:\Windows\System32\drivers\avgboota.sys
2012-10-22 21:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-15 11:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 22:36:22.44 ===============


And here is the aswMBR log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 23:09:27
-----------------------------
23:09:27.399 OS Version: Windows x64 6.2.9200
23:09:27.399 Number of processors: 4 586 0x1001
23:09:27.401 ComputerName: JEVOX UserName:
23:09:27.907 Initialze error 1
23:12:51.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
23:12:51.379 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10002 Size: 715404MB BusType: 11
23:12:51.410 Disk 0 MBR read successfully
23:12:51.415 Disk 0 MBR scan
23:12:51.419 Disk 0 unknown MBR code
23:12:51.424 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
23:12:51.429 Disk 0 scanning C:\Windows\system32\drivers
23:12:51.434 Service scanning
23:12:52.164 Modules scanning
23:12:52.170 Disk 0 trace - called modules:
23:12:52.183 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:12:52.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065fe060]
23:12:52.194 3 CLASSPNP.SYS[fffff880012028aa] -> nt!IofCallDriver -> [0xfffffa80064ecb10]
23:12:52.198 5 hpdskflt.sys[fffff88001df0339] -> nt!IofCallDriver -> [0xfffffa80064038f0]
23:12:52.203 7 amd_xata.sys[fffff8800130c634] -> nt!IofCallDriver -> \Device\0000003a[0xfffffa80064357f0]
23:12:52.208 Scan finished successfully
23:13:14.698 Disk 0 MBR has been saved successfully to "C:\Users\Jevonne\Desktop\MBR.dat"
23:13:14.703 The log file has been saved successfully to "C:\Users\Jevonne\Desktop\aswMBR.txt"


Thank you very much for your time :)
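The DDS report above is plain text that a helper reads by hand. The script below is an added example, not part of this thread and not code from the DDS tool or Spybot: it parses the "Running Processes", Run-key and service/driver lines of a DDS-style log and flags executables that run from user-writable locations (AppData, ProgramData, Temp), which is one of the first triage checks a helper applies to such a log. The sample log text embedded in it is constructed in the DDS format with a few paths shaped like the ones above; the function names (`parse_dds`, `flagged_paths`) and the "user-writable path" heuristic are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS log format: section banners, process paths,
# Run-key entries and service/driver entries. Illustrative, not a real log.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Users\Jevonne\AppData\Local\Apps\2.0\XD5QP6LD.HNH\CurseClient.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
.
============= SERVICES / DRIVERS ===============
.
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "===== Name ====="
PROCESS_RE = re.compile(r"^([A-Za-z]:\\.+?\.exe)", re.IGNORECASE)  # path up to first .exe
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[([^\]]+)\] (.+)$")       # uRun/mRun/x64-Run lines
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")     # "R2 name;display;path [date size]"

# Heuristic (assumption of this example): locations a non-admin user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    user_writable: bool


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def exe_from_command(cmd):
    """Extract the executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = PROCESS_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def _entry(section, name, path):
    return Entry(section, name, path, is_user_writable(path))


def parse_dds(text):
    """Walk a DDS-style log and collect process, Run-key and service entries."""
    entries = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # DDS separates blocks with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Running Processes":
            m = PROCESS_RE.match(line)
            if m:
                entries.append(_entry(section, m.group(1).rsplit("\\", 1)[-1], m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(_entry("Run", m.group(1), exe_from_command(m.group(2))))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(_entry("Service " + m.group(1), m.group(2), m.group(4)))
    return entries


def flagged_paths(text):
    """Unique executable paths that live in user-writable locations, sorted."""
    return sorted({e.path for e in parse_dds(text) if e.user_writable})


if __name__ == "__main__":
    for e in parse_dds(SAMPLE_DDS):
        mark = "CHECK" if e.user_writable else "  ok "
        print(f"[{mark}] {e.section:<12} {e.name:<20} {e.path}")
```

A flagged path means "look closer", not "malicious": ClickOnce applications such as the Curse client and Skype's click-to-call service legitimately install under AppData and ProgramData. The point of the check is to shorten the list a helper has to verify by publisher signature or file hash, which is the step the scanners in the thread automate.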

shelf life
2013-01-23, 02:09
hi Disyute,

Sorry for the delay. If you still need help, simply reply back.

Disyute
2013-01-26, 05:05
Hello and thank you for your response. Yes, I would still like help, as I believe the problem is still there and I have been ignoring it until I got a response :)

shelf life
2013-01-27, 00:57
hi Disyute,

Cookies aren't really much to be worried about. These can be pretty much controlled with browser settings. I am not familiar with what Spybot flags as a level 5, but if it includes a flash player cookie then I doubt it would include something like a password-stealing trojan in the same level.

Let's see what Malwarebytes can dig up. You can keep and use the free version as an on-demand antimalware app. The free version must be updated manually and a scan started manually:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually.

shelf life
2013-01-29, 01:24
hi Disyute,

So how are we looking on your end now?