Thread: Malware "removed" keeps coming back.

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    2

    Malware "removed" keeps coming back.

    Hello, good night. I recently bought this laptop (about two weeks ago). I installed Spybot S&D 2.0 (the one with the new layout) and AVG and decided to run a scan on both. The AVG scan came up with nothing, but the Spybot came up with like 6 infections, like four level 5's and some level 1's. One of the level 5's was 'Macromedia.flashplayer.cookies' or something to that effect, so I fixed the problems as administrator, then ran a rescan, and I ended up finding more infections. I would like some assistance to find out what exactly is causing this and if these level 5 infections are serious and can steal my passwords and things of that nature. Thank you in advance.

    Here is my dds:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453
    Run by Jevonne at 22:35:17 on 2013-01-10
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5594.1785 [GMT -8:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\valWBFPolicyService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\AuthenTec\TrueService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Windows\System32\LogonUI.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    C:\Program Files\Common Files\AuthenTec\TrueService.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Jevonne\AppData\Local\Apps\2.0\XD5QP6LD.HNH\3H1YMHKE.5MZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
    C:\Program Files (x86)\World of Warcraft\Wow-64.exe
    C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com?pc=HPNTDFJS
    uDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
    mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    mWinlogon: Userinit = userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Jevonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 65.183.0.76 65.183.0.86
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12} : DHCPNameServer = 65.183.0.76 65.183.0.86
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\05C6F6F63786 : DHCPNameServer = 65.183.0.76 65.183.0.86
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\3416D60796F6E6F584F6473507F647 : DHCPNameServer = 172.16.22.2
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\45D4162747 : DHCPNameServer = 10.1.10.1
    TCP: Interfaces\{FC19A893-51CD-4E47-BB1F-B945B5B0FD12}\D202D456E647F63702D2 : DHCPNameServer = 8.8.4.4 173.255.240.156
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
    x64-mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jevonne\AppData\Roaming\Mozilla\Firefox\Profiles\5jdzhsp9.default\
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - ExtSQL: 2013-01-08 16:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
    R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2012-11-26 208736]
    R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-17 92536]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-8 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-17 199008]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-6 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-6 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-6 168384]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-8-18 28160]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-17 294544]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-17 690832]
    R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-17 41272]
    R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-17 57000]
    R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
    S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-17 43832]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 04:46:53 -------- d-----w- C:\Program Files (x86)\InstantStorm
    2013-01-09 05:10:41 -------- d-----w- C:\Users\Jevonne\AppData\Local\Mozilla
    2013-01-09 05:05:47 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2013-01-09 05:05:47 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2013-01-09 05:05:12 2361344 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 05:05:12 1836032 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 05:05:11 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2013-01-09 05:05:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-01-09 05:05:11 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2013-01-09 05:05:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-01-09 05:05:11 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 05:05:11 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 05:05:10 4056064 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-07 12:31:49 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\WildTangent
    2013-01-07 02:05:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\HP
    2013-01-06 21:08:40 -------- d-----w- C:\Users\Jevonne\AppData\Local\CrashDumps
    2013-01-06 21:00:06 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
    2013-01-06 20:06:49 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2013-01-06 20:06:49 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2013-01-06 20:06:49 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2013-01-06 20:06:15 -------- d-----w- C:\ProgramData\Battle.net
    2013-01-06 20:05:10 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\LolClient
    2013-01-06 20:04:36 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
    2013-01-06 20:04:36 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
    2013-01-06 20:04:36 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2013-01-06 20:04:36 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2013-01-06 20:04:35 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2013-01-06 19:55:18 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\AVG2013
    2013-01-06 19:52:08 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\hpqlog
    2013-01-06 19:52:05 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\TuneUp Software
    2013-01-06 19:49:40 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-06 19:49:00 -------- d-----w- C:\Program Files (x86)\AVG
    2013-01-06 19:38:43 -------- d--h--w- C:\ProgramData\Common Files
    2013-01-06 19:38:43 -------- d-----w- C:\Users\Jevonne\AppData\Local\MFAData
    2013-01-06 19:38:43 -------- d-----w- C:\Users\Jevonne\AppData\Local\Avg2013
    2013-01-06 19:38:43 -------- d-----w- C:\ProgramData\MFAData
    2013-01-06 19:28:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\Google
    2013-01-06 19:26:54 -------- d-----r- C:\Program Files (x86)\Skype
    2013-01-06 19:22:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-06 19:22:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-01-06 19:22:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-01-06 19:22:01 -------- d-----w- C:\Users\Jevonne\AppData\Local\Programs
    2013-01-06 19:18:59 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-01-06 19:18:59 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2013-01-06 19:18:36 -------- d-----w- C:\ProgramData\TrueSuite
    2013-01-06 19:18:01 -------- d-----w- C:\Users\Jevonne\AppData\Local\PMB Files
    2013-01-06 19:17:59 -------- d-----w- C:\ProgramData\PMB Files
    2013-01-06 19:17:45 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2013-01-06 19:16:42 -------- d-----w- C:\Users\Jevonne\AppData\Local\Deployment
    2013-01-06 19:12:27 -------- d-----w- C:\Users\Jevonne\AppData\Local\AMD
    2013-01-06 19:12:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\ATI
    2013-01-06 19:10:57 -------- d-----w- C:\Users\Jevonne\AppData\Local\Apps
    2013-01-06 19:10:50 -------- d-----r- C:\Users\Jevonne\Searches
    2013-01-06 19:10:17 -------- d-----w- C:\Users\Jevonne\AppData\Local\Hewlett-Packard
    2013-01-06 19:09:31 -------- d-----w- C:\Users\Jevonne\AppData\Local\Power2Go8
    2013-01-06 19:09:24 -------- d-----w- C:\Users\Jevonne\AppData\Local\AuthenTec
    2013-01-06 19:09:09 -------- d-----w- C:\Users\Jevonne\AppData\Roaming\Synaptics
    2013-01-06 19:08:50 -------- d-----w- C:\Users\Jevonne\AppData\Local\VirtualStore
    2013-01-06 13:22:54 945152 ----a-w- C:\Windows\System32\resetengmig.dll
    2013-01-06 13:22:54 443392 ----a-w- C:\Windows\System32\ReAgent.dll
    2013-01-06 13:22:54 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
    2013-01-06 13:22:54 132096 ----a-w- C:\Windows\System32\sysreset.exe
    2013-01-06 13:22:54 1009664 ----a-w- C:\Windows\System32\reseteng.dll
    2013-01-06 13:20:04 148480 ----a-w- C:\Windows\System32\poqexec.exe
    2013-01-06 13:20:02 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2013-01-06 13:20:01 144384 ----a-w- C:\Windows\System32\tssdisai.dll
    2013-01-06 13:20:01 135680 ----a-w- C:\Windows\System32\appserverai.dll
    2013-01-06 13:20:01 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
    2013-01-06 13:20:01 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
    2013-01-06 13:16:11 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-06 13:16:11 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-06 13:16:00 907776 ----a-w- C:\Windows\System32\uxtheme.dll
    2013-01-06 13:16:00 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2013-01-06 13:16:00 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2013-01-06 13:13:40 94208 ----a-w- C:\Windows\System32\synceng.dll
    2013-01-06 13:13:40 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
    2013-01-06 13:10:20 -------- d--h--w- C:\Users\Jevonne\AppData
    2013-01-06 13:10:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\Temp
    2013-01-06 13:10:20 -------- d-----w- C:\Users\Jevonne\AppData\Local\Microsoft
    2013-01-06 13:02:13 -------- d-----w- C:\Windows.old
    2013-01-06 12:30:52 -------- d--h--w- C:\$SysReset
    2013-01-06 12:02:00 -------- d-----w- C:\669865e116118ef708535d3e35dd63
    2012-12-28 08:00:40 -------- d--h--w- C:\$AVG
    2012-12-27 09:34:08 -------- d-----w- C:\Riot Games
    2012-12-27 08:28:04 -------- d-----w- C:\Users\Jevonne\.swt
    2012-12-27 07:38:33 -------- d-----r- C:\Users\Jevonne\Contacts
    2012-12-27 07:34:44 -------- d-----w- C:\Users\Jevonne\AppData\Local\Packages
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Videos
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Saved Games
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Pictures
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Music
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Links
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Downloads
    2012-12-27 07:33:54 -------- d-----r- C:\Users\Jevonne\Documents
    2012-12-13 22:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    ==================== Find3M ====================
    .
    2012-12-18 23:32:58 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-18 23:32:58 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-11-27 07:36:16 208736 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
    2012-11-16 07:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
    2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
    2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
    2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
    2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
    2012-11-03 05:26:40 34816 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-03 05:26:12 32256 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhupnp.dll
    2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhpast.dll
    2012-11-03 05:24:34 58880 ----a-w- C:\Windows\SysWow64\dpnathlp.dll
    2012-11-03 05:24:34 375808 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-03 05:24:11 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
    2012-11-03 05:24:11 9216 ----a-w- C:\Windows\System32\dpnhpast.dll
    2012-11-03 05:24:11 67584 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-03 05:24:11 463872 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-03 05:04:21 4096 ----a-w- C:\Windows\System32\dpnlobby.dll
    2012-11-03 05:04:19 3584 ----a-w- C:\Windows\System32\dpnaddr.dll
    2012-11-03 05:00:54 3072 ----a-w- C:\Windows\SysWow64\dpnlobby.dll
    2012-11-03 05:00:53 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
    2012-10-26 12:17:44 20912 ----a-w- C:\Windows\System32\drivers\avgboota.sys
    2012-10-22 21:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-15 11:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    .
    ============= FINISH: 22:36:22.44 ===============


    And here is the aswMBR

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-10 23:09:27
    -----------------------------
    23:09:27.399 OS Version: Windows x64 6.2.9200
    23:09:27.399 Number of processors: 4 586 0x1001
    23:09:27.401 ComputerName: JEVOX UserName:
    23:09:27.907 Initialze error 1
    23:12:51.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
    23:12:51.379 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10002 Size: 715404MB BusType: 11
    23:12:51.410 Disk 0 MBR read successfully
    23:12:51.415 Disk 0 MBR scan
    23:12:51.419 Disk 0 unknown MBR code
    23:12:51.424 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
    23:12:51.429 Disk 0 scanning C:\Windows\system32\drivers
    23:12:51.434 Service scanning
    23:12:52.164 Modules scanning
    23:12:52.170 Disk 0 trace - called modules:
    23:12:52.183 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    23:12:52.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065fe060]
    23:12:52.194 3 CLASSPNP.SYS[fffff880012028aa] -> nt!IofCallDriver -> [0xfffffa80064ecb10]
    23:12:52.198 5 hpdskflt.sys[fffff88001df0339] -> nt!IofCallDriver -> [0xfffffa80064038f0]
    23:12:52.203 7 amd_xata.sys[fffff8800130c634] -> nt!IofCallDriver -> \Device\0000003a[0xfffffa80064357f0]
    23:12:52.208 Scan finished successfully
    23:13:14.698 Disk 0 MBR has been saved successfully to "C:\Users\Jevonne\Desktop\MBR.dat"
    23:13:14.703 The log file has been saved successfully to "C:\Users\Jevonne\Desktop\aswMBR.txt"


    Thank you very much for your time

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Hi Disyute,

    Sorry for the delay. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    2

    Hello, and thank you for your response. Yes, I would still like help, as I believe the problem is still there and I have been ignoring it until I got a response.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Hi Disyute,

    Cookies aren't really much to be worried about. These can be pretty much controlled with browser settings. I am not familiar with what Spybot flags as a level 5, but if it includes a Flash Player cookie then I doubt it would include something like a password-stealing trojan in the same level.

    Let's see what Malwarebytes can dig up. You can keep and use the free version as an on-demand antimalware app. The free version must be updated manually and a scan started manually:


    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    NOTE: The free version must be updated manually.

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Hi Disyute,

    So how are we looking on your end now?
