Results 1 to 8 of 8

Thread: Possible infection

  1. #1
    Member
    Join Date
    Oct 2008
    Location
    Central NJ
    Posts
    79

    Default

    Hello.
    i am looking for some help. my system has been acting up recently and I fear some infection which SEP is not catching. I would truely appreciate if someone could review the scans and tell me what is happening.
    thank you


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Brendan at 22:06:55 on 2012-08-09
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.974 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\COUPON~2\bar\1.bin\2pbarsvc.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
    C:\Nexon\MapleStory\npkcmsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM7\aim.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\NETGEAR Genie\bin\genie_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    C:\PROGRA~1\HP\PHOTOS~1\HP_IZE.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
    uSearch Bar =
    uWindow Title = Internet Explorer provided by Dell
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070816
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: N/A: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\progra~1\coupon~2\bar\1.bin\2pbar.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {37153479-1976-43C3-A1EE-557513977B64} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\brendan\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Coupon Alert Search Scope Monitor] "c:\progra~1\coupon~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    mRun: [CouponAlert_2p Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\2pbrmon.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\brendan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\users\brendan\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\brendan\appdata\local\temp\{b3f349cd-6c29-4876-9942-1daac547ef0a}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5310604D-82E8-4270-A6EB-EF3BCB86971E} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\brendan\appdata\roaming\mozilla\firefox\profiles\0gj6qjmp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\brendan\appdata\roaming\mozilla\firefox\profiles\0gj6qjmp.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\couponalert_2p\bar\1.bin\NP2pStub.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\users\brendan\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 CouponAlert_2pService;Coupon AlertService;c:\progra~1\coupon~2\bar\1.bin\2pbarsvc.exe [2012-1-11 42504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]
    R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-3-7 1029408]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-2-16 35088]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-21 23888]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-16 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-12 11:56:08 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:12:02 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 11:12:01 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 11:12:00 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 11:11:50 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 11:11:50 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 11:11:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ==================== Find3M ====================
    .
    2012-08-02 22:51:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-02 22:51:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 22:08:03.72 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-09 22:15:38
    -----------------------------
    22:15:38.347 OS Version: Windows 6.0.6002 Service Pack 2
    22:15:38.347 Number of processors: 2 586 0xF06
    22:15:38.348 ComputerName: HOME-PC UserName: Brendan
    22:15:39.593 Initialize success
    22:16:39.648 AVAST engine defs: 12080901
    22:17:03.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:17:03.041 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
    22:17:03.043 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    22:17:03.046 Disk 1 Vendor: ST310005 CC38 Size: 953869MB BusType: 3
    22:17:03.068 Disk 0 MBR read successfully
    22:17:03.071 Disk 0 MBR scan
    22:17:03.092 Disk 0 Windows VISTA default MBR code
    22:17:03.095 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    22:17:03.115 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
    22:17:03.133 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 66012 MB offset 21053440
    22:17:03.161 Disk 0 scanning sectors +156246016
    22:17:03.473 Disk 0 scanning C:\Windows\system32\drivers
    22:17:24.524 Service scanning
    22:17:52.648 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
    22:17:53.292 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
    22:18:00.370 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    22:18:00.426 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
    22:18:01.502 Modules scanning
    22:18:10.006 Disk 0 trace - called modules:
    22:18:10.029 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    22:18:10.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d0f6e8]
    22:18:10.041 3 CLASSPNP.SYS[8aba18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d10030]
    22:18:11.054 AVAST engine scan C:\Windows
    22:18:14.486 AVAST engine scan C:\Windows\system32
    22:22:34.371 AVAST engine scan C:\Windows\system32\drivers
    22:22:52.211 AVAST engine scan C:\Users\Brendan
    22:58:21.094 File: C:\Users\Brendan\Downloads\MyFunCards.exe **INFECTED** Win32:Adware-gen [Adw]
    23:04:25.069 AVAST engine scan C:\ProgramData
    23:10:48.493 Scan finished successfully
    23:17:09.405 Disk 0 MBR has been saved successfully to "C:\Users\Brendan\Desktop\MBR.dat"
    23:17:09.483 The log file has been saved successfully to "C:\Users\Brendan\Desktop\aswMBR.txt"

    I just realized that the attachment did not go thru. i will add the attachment shortly.

    Attach.txt (zipped) is attached
    Last edited by tashi; 2012-08-10 at 23:55. Reason: Merged three posts ;-)

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi tartarus,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Oct 2008
    Location
    Central NJ
    Posts
    79

    Default RE: Possible Infection

    hi

    yes, system still having issues.
    i was waiting patiently as I know how busy you all are.
    If someone can review logs and provide guidance, it would be greatly appreciated.

    thank you.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Have you recently updated and run Malwarebytes?
    Navigate here: C:\Users\Brendan\Downloads\ and delete this-->MyFunCards.exe
    Look in add/remove programs panel for: Market Research and uninstall it.
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Oct 2008
    Location
    Central NJ
    Posts
    79

    Default RE: possible infection

    thanks.
    i deleted MyFunCards.exe.
    i don't see anything in programs and features named Market Research.
    i will download and run malwarebytes.

    thanks

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    i will download and run malwarebytes
    You already have it. Check it for updates first then run a full scan
    c:\program files\malwarebytes'
    How Can I Reduce My Risk?

  7. #7
    Member
    Join Date
    Oct 2008
    Location
    Central NJ
    Posts
    79

    Default RE: possible infection

    done. MWB cleaned up some things. thanks.
    i hope this has taken care of the problems.
    thanks
    brendan

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    The free version of MWB must be updated manually and a scan started manually. If it all looks good on your end, some tips to help you remain malware free:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer can not stay malware free.

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) Your browser risks: The why and how to secure your browser for safer surfing.

    10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?


    More info/tips with pictures, links below

    Happy Safe Surfing.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •