Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: Click.GiftLoad not removed by spybot

  1. #21
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello pherron

    I will post the DDS scan log tomorrow evening
    No problem. See you tomorrow
    Proud Graduate of the WTT Classroom

  2. #22
    Junior Member
    Join Date
    Mar 2011
    Location
    UK
    Posts
    13

    Default

    AVG found one problem in Google Chrome cache.
    Spybot found tracking cookies

    DDS log below + Attach.zip
    Also posted logs for AVG & Spybot.

    Everything seems to be back to normal.
    Many thanks for your excellent help.


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Peter Herron at 17:34:45.23 on 17/03/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1052 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\oodag.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Peter Herron\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\peter herron\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flash capture\fciext.dll/FCIEXT.htm
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\peterh~1\appdata\roaming\mozilla\firefox\profiles\y6gzbwgg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-12 20328]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-20 21504]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-13 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-15 136176]
    S3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2007-5-9 40848]
    S3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2007-5-9 38280]
    S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\JRService.exe [2011-1-26 379400]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2007-5-9 47496]
    S4 ioatdma;IOATDMA.SYS Intel(R) 5000 Series Chipsets Integrated Device - 1A38;c:\windows\system32\drivers\ioatdma.sys [2007-5-9 32136]
    S4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-5-9 34176]
    S4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-9 28800]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-03-16 22:50:03 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-03-16 19:50:03 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-16 19:50:01 -------- d-----w- c:\users\peterh~1\appdata\local\temp
    2011-03-15 21:46:28 -------- d-----w- c:\program files\ESET
    2011-03-15 21:34:50 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-03-15 21:34:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-15 19:58:32 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f907cdb6-393a-4c13-b4c8-727e2f8bf2c5}\mpengine.dll
    2011-03-14 19:22:13 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-14 19:22:12 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-14 19:22:12 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-14 19:22:12 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-14 19:22:05 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-14 19:22:05 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-13 18:02:51 -------- d-----w- c:\users\peterh~1\appdata\roaming\SUPERAntiSpyware.com
    2011-03-13 18:02:51 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-03-13 18:02:41 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-13 14:57:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-13 14:57:51 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-02-24 09:50:15 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-02-24 09:49:13 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-02-24 09:49:13 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-02-24 09:49:13 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-02-24 09:49:03 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-02-24 09:49:03 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-02-22 16:12:20 -------- d-----w- c:\users\peterh~1\appdata\roaming\FastStone
    2011-02-22 16:12:09 -------- d-----w- c:\program files\FastStone Photo Resizer
    .
    ==================== Find3M ====================
    .
    2011-02-15 08:46:36 522928 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 17:36:21.04 ===============



    AVG scan result:


    "";"C:\Users\Peter Herron\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c";"Corrupted executable file";"Moved to Virus Vault"


    ==============================================

    SpyBot S&D scan result:

    Right Media: Tracking cookie (Internet Explorer: Peter Herron) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Internet Explorer: Peter Herron) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-03-13 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-02-24 Includes\Adware.sbi (*)
    2011-03-15 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2011-03-08 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-02-24 Includes\Malware.sbi (*)
    2011-03-16 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-15 Includes\TrojansC-02.sbi (*)
    2011-03-03 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-08 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  3. #23
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello pherron

    Logs are looking good (just a few minor things to take care of).

    You still appear to have BitTorrent installed. You would be doing yourself a huge favour by uninstalling it.

    1. Please un-install J2SE Runtime Environment 5.0 Update 12


      • You already have the latest version of Java installed.
      • Outdated versions of Java have security flaws that are exploited by malware writers.
      • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
      • A list of currently installed programs will be displayed.
      • Find the "J2SE Runtime Environment 5.0 Update 12" program, click on it once and then click on the "uninstall" button.
      • If you are prompted to re-boot your computer to complete the uninstall please do so.


      AVG found one problem in Google Chrome cache
      It looks as though AVG has quarantined the offending item, so it should no longer cause you any problems.

      Spybot found tracking cookies
      Allow Spybot to remove those cookies. If it is unable to do so, open SuperAntiSpyware, update it and run a full scan. Should there be any remaining cookie issues we can always block them manually although it is highly unlikely that they will cause any harm to your machine.

      Lets remove the tools we used in cleaning your system:

      You have already uninstalled ComboFix

    2. Removal of Tools


      • You no longer need DDS, GMER or OTM. Please delete them from your machine.


    3. Your Adobe Reader is out of date


      • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
      • For more information and links to Adobe updates and downloads click here.



      Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

    4. Finally, please take the time to read through the information provided below:

      Enhance your System Security

      • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.


      • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
      • Once complete, remember to re-engage your resident security before going online.


      Web Browsers and Browser Security

      Firefox
      • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.


      No-Script
      • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
      • You can download No-Script by clicking here.


      Internet Explorer
      • The newest version of Internet Explorer is available from here.


      SpywareBlaster
      • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
      • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
      • You can download SpywareBlaster by clicking here.


      Web of Trust
      • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
      • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
      • You can download Web of Trust by clicking here.


      Keep your Software Updated
      • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
      • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.


      Passwords
      • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.


      General Reading


      Learn How To Combat Malware
      • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
    Proud Graduate of the WTT Classroom

  4. #24
    Junior Member
    Join Date
    Mar 2011
    Location
    UK
    Posts
    13

    Default



    Thank you for all your help. It's really brilliant that people like you are so willing to give of their time. I'll work my way through all the advice. Have a good weekend (well only one more day to go).

    All the best.

  5. #25
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Thank you for all your help
    You are Very Welcome pherron

    Best wishes
    JonTom
    Proud Graduate of the WTT Classroom

  6. #26
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Since this problem appears to be resolved this topic is now closed.

    Glad we could help

    Best wishes
    JonTom
    Proud Graduate of the WTT Classroom

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •