Think I have a virus.

chubb3g114

Hi
My computer, a Dell running Windows 7 home premium, seems to have been infected with something. On start-up this morning there was a new icon for WINZIP 16.0 which I have not downloaded, I use WINRAR.
The computer screen is frozen nothing I click will open. Have tried to delete WINRAR but just get the message that it is open and cannot be deleted.
I have done a scan using Malwarebytes in safe mode and found nothing, at a loss as to what to do now.
Any help gratefully accepted.

chubb3g114

Figment

Do a System Restore from Safe mode

waddler_8

If you can, scan with mbam in normal mode (just a quick scan). Drivers it uses for better detection & removal don't load in safe mode.

Otherwise....

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:

• Double click DDS to run it.
• When it's finished, DDS will open two logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop.

Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

chubb3g114

Hi, Thanks for your help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by DaVid at 12:42:37 on 2012-05-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.3243 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: VshareComplete: {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\DaVid\AppData\Roaming\VshareComplete\VshareComplete.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\DaVid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{355EFF2F-9257-4678-BFB0-F916FF10AB3F} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: VshareComplete: {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\DaVid\AppData\Roaming\VshareComplete\VshareComplete.dll
BHO-X64: VshareComplete - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DaVid\AppData\Roaming\Mozilla\Firefox\Profiles\8cm3mfem.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d0b455c&i=23&tp=ab&nt=1&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\DaVid\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\DaVid\AppData\Roaming\Mozilla\Firefox\Profiles\8cm3mfem.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-11 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 X86BDA;OEM Capture;C:\Windows\system32\DRIVERS\OEMDrv.sys --> C:\Windows\system32\DRIVERS\OEMDrv.sys [?]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S4 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-28 13336]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 129976]
S4 RoxMediaDBVHS;RoxMediaDBVHS;C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2010-2-19 1116656]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-9 705856]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-19 09:33:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF876E4E-8591-4B21-BFFD-493B301E7BFA}\offreg.dll
2012-05-18 10:04:30 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF876E4E-8591-4B21-BFFD-493B301E7BFA}\mpengine.dll
2012-05-18 08:07:41

---

d

---

w- C:\Users\DaVid\AppData\Local\WinZip
2012-05-12 17:20:00

---

d

---

w- C:\Windows\SysWow64\syncdb
2012-05-11 10:53:33 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 10:53:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 10:53:24 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 10:53:21 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 10:53:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 10:53:18 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 10:52:20 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 10:52:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 10:51:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 10:51:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 10:51:50 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 10:51:47 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 10:51:47 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-07 12:07:07

---

d

---

w- C:\Users\DaVid\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-07 08:09:31

---

d

---

w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-04 08:10:30

---

d

---

w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 08:10:27 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 08:10:27 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-05 11:56:48 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 11:56:48 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 11:56:37 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-05 13:27:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656

---

w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:43:48.27 ===============

waddler_8

Thanks, now post attach.txt

chubb3g114

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/04/2010 12:30:13
System Uptime: 19/05/2012 11:32:09 (1 hours ago)
.
Motherboard: Dell Inc. | | 0K83V0
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2693/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 129.579 GiB free.
is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
==== System Restore Points ===================
.
RP398: 08/05/2012 09:29:37 - Windows Update
RP399: 11/05/2012 12:44:00 - Windows Update
RP400: 11/05/2012 23:08:12 - Windows Update
RP401: 15/05/2012 10:11:13 - Windows Update
RP402: 18/05/2012 12:03:16 - Windows Update
.
==== Installed Programs ======================
.
3GP Player 2010
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Photoshop Elements 10
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Articulate Quizmaker 2.1
avast! Free Antivirus
BitTorrent
calibre
Camera RAW Plug-In for EPSON Creativity Suite
CCScore
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.1.19.365
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
DirectX 9 Runtime
Driver Genius Professional Edition
Elements 10 Organizer
EPSON Attach To Email
EPSON Easy Photo Print
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200_SX400_TX200_TX400 Manual
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Facebook Plug-In
FLV Player 2.0 (build 25)
FotoSketcher - Version 1.9
FotoSketcher 2.25
FUJIFILM MyFinePix Studio 3.1
Garmin City Navigator Europe NT 2012.10 Update
Hallmark Card Studio 2012 Deluxe
ImgBurn
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kodak EasyShare software
Magic DVD Copier V6.1.0
MahJong Suite 2011 v8.2
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft AutoRoute 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mobipocket Reader 6.2
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
netbrdg
OfotoXMI
PowerDVD DX
PowerISO
PSE10 STI Installer
QuickTime
RAF
RAW FILE CONVERTER EX powered by SILKYPIX
Realtek High Definition Audio Driver
Roxio Burn
Roxio CinePlayer Decoder Pack
Roxio Easy VHS to DVD
Roxio Express Labeler
Roxio Video Capture USB
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SFR
SHASTA
skin0001
SKINXSDK
staticcr
SuperMegaSpoof 2.0
Switch Sound File Converter
TerraExplorer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB VIDEO DVR
Veetle TV 0.9.18
VirtualCloneDrive
Visual Business Cards 4
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VPRINTOL
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
19/05/2012 12:43:45, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 11:32:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 11:32:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/05/2012 11:32:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/05/2012 11:32:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache ElbyCDIO SCDEmu spldr sptd Wanarpv6
19/05/2012 11:32:13, Error: sptd [4] - Driver detected an internal error in its data structures for .
19/05/2012 10:15:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
19/05/2012 10:13:41, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 10:13:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
19/05/2012 10:13:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
19/05/2012 10:13:25, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi Avgfwfd DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd tdx Wanarpv6 WfpLwf
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2012 10:13:25, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2012 10:00:17, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
19/05/2012 09:59:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
19/05/2012 09:57:34, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
18/05/2012 20:08:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
18/05/2012 20:08:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
16/05/2012 11:36:41, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
15/05/2012 11:43:52, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/05/2012 18:07:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

waddler_8

2012-05-18 08:07:41

---

d

---

w- C:\Users\DaVid\AppData\Local\WinZip

The logs show a Winzip folder being created yesterday morning, just after 8.0 am. There's not much else showing, malware wise.

Download this and save it to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

When you've downloaded it...

• Right click aswMBR.exe & choose "Run as Administrator" to run it
  
• Click YES if prompted to scan with Avast virus definitions
  
• With the AVscan set to Quick Scan, click the Scan button.
  
  
• When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
• Click OK when prompted. aswMBR.txt & MBR.dat will be appear on your desktop.
• Click EXIT.
• Copy & paste the contents of aswMBR.txt & post it here.

Don't click to fix anything yet, just post the log.

chubb3g114

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-19 13:35:46

---

13:35:46.313 OS Version: Windows x64 6.1.7601 Service Pack 1
13:35:46.313 Number of processors: 2 586 0x170A
13:35:46.314 ComputerName: DAVID-PC UserName: DaVid
13:35:53.452 Initialize success
13:35:53.490 AVAST engine defs: 12051800
13:36:37.519 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:36:37.521 Disk 0 Vendor: ST332041 CC45 Size: 305245MB BusType: 3
13:36:37.535 Disk 0 MBR read successfully
13:36:37.538 Disk 0 MBR scan
13:36:37.848 Disk 0 Windows 7 default MBR code
13:36:37.860 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
13:36:38.117 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10942 MB offset 145408
13:36:38.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294231 MB offset 22554624
13:36:38.468 Disk 0 scanning C:\Windows\system32\drivers
13:36:52.529 Service scanning
13:37:08.945 Modules scanning
13:37:08.945 Disk 0 trace - called modules:
13:37:08.961 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:37:08.962 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5e060]
13:37:08.962 3 CLASSPNP.SYS[fffff88001d6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a51050]
13:37:12.172 AVAST engine scan C:\Windows
13:37:16.933 AVAST engine scan C:\Windows\system32
13:39:58.200 AVAST engine scan C:\Windows\system32\drivers
13:40:08.323 AVAST engine scan C:\Users\DaVid
13:41:36.706 Disk 0 MBR has been saved successfully to "C:\Users\DaVid\Desktop\MBR.dat"
13:41:36.713 The log file has been saved successfully to "C:\Users\DaVid\Desktop\aswMBR.txt"

waddler_8

That all looks good.

If you haven't already done it, boot into normal mode and run a quick scan with mbam and see hows things are performing.

chubb3g114

Hi Waddler-8, thanks for your time and help.
Have run quick and normal scan, nothing found and all appears to be running OK.
Strange you say that WINRAR was installed yesterday morning at 8-00 am as the computer was not on (I was still in bed).

Thanks again.

chubb3g114

waddler_8

No problems with freezing then now?