Help with infected PC.

Jon_01
Jon_01 Posts: 5,914 Forumite
Part of the Furniture 1,000 Posts Name Dropper
Afternoon good people,

At the end of last week my laptop got some sort of infection, I have no idea how (really I don't. I don't look at iffy websites, I don't open unknown emails and I don't download ripoff software).

MSE found a stack of Trojans one morning and then a load more the next.
I have MSE and Malwarebytes running and updated every day.

Since then MSE finds new stuff every day (it found 6 java exploits this morning rated as serious). They 'seem' to be being loaded at boot, but I'm not sure.

I've tried a few other AV (Panda and Spybot S&D) and all they've found are a few tracking cookies... But there's still something hidden. My browser keeps getting redirected to ad sites rather than the links in Google that I click on, and I've just found that the history in Word has vanished??

Whatever it is, Windows Firewall isn't doing anything to stop it, and MSE is just detecting new stuff as it gets installed.

I'm thinking the only way out is to reformat and reinstall everything? As nothing, so far, can find the program, virus or Trojan that's causing the downloads...

Anyone have any thoughts?

(I'm running Windows 7 64 bit).

Comments

  • Has it found a name of a specific trojan? If so then do a google search to see if there is a specific removal tool for it.

    You can also try running the computer in Safe mode (F8) and do a full AV scan, clean and reboot.

    Another option is to use the backup "Last Known Good Configuration" option to a date you know of when you had no issues.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Let's see if we can see what is causing it.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • Jon_01
    Jon_01 Posts: 5,914 Forumite
    Wayneyg wrote: »
    Has it found a name of a specific trojan? If so then do a google search to see if there is a specific removal tool for it.

    You can also try running the computer in Safe mode (F8) and do a full AV scan, clean and reboot.

    Another option is to use the backup "Last Known Good Configuration" option to a date you know of when you had no issues.


    MSE found about 50 trojans on day 1 and removed them all, but they keep coming back, not as many but they come back.

    I've run all the scans in safe mode, it's made no difference.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Jon_01 wrote: »
    I've run all the scans in safe mode, it's made no difference.
    It's better to run Malwarebytes in normal mode. A driver it utilises for better detection & removal doesn't load in safe mode.
  • Jon_01
    Jon_01 Posts: 5,914 Forumite
    waddler_8 wrote: »
    Let's see if we can see what is causing it.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

    Run and posted below. . .

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Steve at 17:18:15 on 2012-07-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8053.4660 [GMT 1:00]
    .
    AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    C:\Program Files (x86)\GrabIt\GrabIt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Program Files (x86)\GrabIt\GrabIt.exe
    C:\Program Files (x86)\GrabIt\GrabIt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.yahoo.com/
    uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [IGearSettings] RUNDLL32.EXE C:\Users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll,InjectDll
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NWEReboot]
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B4D9F6C4-365C-4B14-9509-57442AAD6DBB} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NWEReboot]
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun-x64: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\hde7deur.default\
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
  • Jon_01
    Jon_01 Posts: 5,914 Forumite
    And the second part;

    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 NNSAlpc;NNSAlpc;C:\Windows\system32\DRIVERS\NNSAlpc.sys --> C:\Windows\system32\DRIVERS\NNSAlpc.sys [?]
    R1 NNSHttp;NNSHttp;C:\Windows\system32\DRIVERS\NNSHttp.sys --> C:\Windows\system32\DRIVERS\NNSHttp.sys [?]
    R1 NNSIds;NNSIds;C:\Windows\system32\DRIVERS\NNSIds.sys --> C:\Windows\system32\DRIVERS\NNSIds.sys [?]
    R1 NNSPicc;NNSPicc;C:\Windows\system32\DRIVERS\NNSPicc.sys --> C:\Windows\system32\DRIVERS\NNSPicc.sys [?]
    R1 NNSPop3;NNSPop3;C:\Windows\system32\DRIVERS\NNSPop3.sys --> C:\Windows\system32\DRIVERS\NNSPop3.sys [?]
    R1 NNSProt;NNSProt;C:\Windows\system32\DRIVERS\NNSProt.sys --> C:\Windows\system32\DRIVERS\NNSProt.sys [?]
    R1 NNSPrv;NNSPrv;C:\Windows\system32\DRIVERS\NNSPrv.sys --> C:\Windows\system32\DRIVERS\NNSPrv.sys [?]
    R1 NNSSmtp;NNSSmtp;C:\Windows\system32\DRIVERS\NNSSmtp.sys --> C:\Windows\system32\DRIVERS\NNSSmtp.sys [?]
    R1 NNSStrm;NNSStrm;C:\Windows\system32\DRIVERS\NNSStrm.sys --> C:\Windows\system32\DRIVERS\NNSStrm.sys [?]
    R1 NNSTlsc;NNSTlsc;C:\Windows\system32\DRIVERS\NNSTlsc.sys --> C:\Windows\system32\DRIVERS\NNSTlsc.sys [?]
    R1 PSINKnc;PSINKnc;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-10-14 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-7-13 140064]
    R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
    R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
    R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
    R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
    R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-7-13 36640]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-7-24 1188896]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-7-24 1395736]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-7-24 166528]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-14 689472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-14 2320920]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-5-30 935480]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\system32\DRIVERS\NNSNAHSL.sys --> C:\Windows\system32\DRIVERS\NNSNAHSL.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 NNSPihsw;NNSPihsw;C:\Windows\system32\DRIVERS\NNSPihsw.sys --> C:\Windows\system32\DRIVERS\NNSPihsw.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-24 09:20:25 d w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-24 09:20:14 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-07-24 09:20:03 d w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-07-24 08:36:33 57928 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
    2012-07-24 07:59:47 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9C9D3F7-63F3-419B-BD59-1A266851DD07}\mpengine.dll
    2012-07-23 08:09:12 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-22 18:40:51 d w- C:\Windows\System32\SPReview
    2012-07-22 18:39:49 d w- C:\Windows\System32\EventProviders
    2012-07-22 17:58:30 d w- C:\Users\Steve\AppData\Roaming\Panda Security
    2012-07-22 17:55:51 d w- C:\ProgramData\Panda Security
    2012-07-22 17:55:51 d w- C:\Program Files (x86)\Panda Security
    2012-07-22 17:07:26 d w- C:\Users\Steve\AppData\Local\Google
    2012-07-22 17:06:30 d w- C:\ProgramData\AVAST Software
    2012-07-22 17:06:30 d w- C:\Program Files\AVAST Software
    2012-07-20 19:12:42 d w- C:\Users\Steve\AppData\Local\{E0F13756-D29E-11E1-8270-B8AC6F996F26}
    2012-07-18 17:52:08 d w- C:\Users\Steve\AppData\Local\IGearSettings
    2012-07-13 06:02:53 130088 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
    2012-07-13 06:02:10 205352 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
    2012-07-13 06:02:10 123944 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
    2012-07-13 06:02:09 167464 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
    2012-07-13 06:02:09 119336 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
    2012-07-12 10:18:56 219688 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
    2012-07-11 20:56:58 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 19:23:47 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 13:35:39 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
    2012-07-11 13:35:39 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
    2012-07-11 13:35:38 d w- C:\Program Files (x86)\MagicDisc
    2012-07-04 07:57:13 927800 w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0760748-2D9D-4B0D-B0C3-F48D5F47B95D}\gapaengine.dll
    2012-07-01 16:29:11 d w- C:\Users\Steve\AppData\Local\Gas Powered Games
    2012-07-01 16:28:23 d w- C:\ProgramData\Media Center Programs
    2012-07-01 16:13:59 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
    2012-07-01 16:13:59 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
    2012-06-27 14:51:24 105000 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
    2012-06-27 14:51:23 112680 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
    2012-06-27 14:51:23 109096 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
    2012-06-27 14:51:22 68648 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
    2012-06-27 14:51:22 304680 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
    2012-06-27 14:51:22 116776 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
    2012-06-27 14:51:21 93224 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
    2012-06-27 14:51:21 33320 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
    2012-06-27 14:51:20 113192 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
    2012-06-27 14:51:19 89128 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
    2012-06-27 14:51:19 116776 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
    .
    ==================== Find3M ====================
    .
    2012-07-22 18:56:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-07-22 18:55:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-07-11 18:34:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 18:34:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-08 10:09:33 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-06-08 10:09:33 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 17:19:32.50 ===============
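As an added triage example (not part of this thread, and not code from DDS or its authors), the Python below parses the autostart lines of a DDS "Pseudo HJT Report" and flags entries whose target loads from a user-writable directory, then cross-references the "Created Last 30" section for when that directory appeared; the log excerpts are constructed from the lines posted above, and the heuristics are the editor's own. A "review" hit is not a verdict: per-user installers such as Dropbox legitimately live under AppData, so the point is to rank what a helper should look at first.

```python
"""Triage a DDS 'Pseudo HJT Report': flag autostart entries that load code from
user-writable directories and look up their creation date in 'Created Last 30'."""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed excerpt of the log posted in this thread (the full log has far more lines).
PSEUDO_HJT = r"""
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [IGearSettings] RUNDLL32.EXE C:\Users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll,InjectDll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NWEReboot]
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""
CREATED_LAST_30 = r"""
2012-07-24 09:20:03 d w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-07-20 19:12:42 d w- C:\Users\Steve\AppData\Local\{E0F13756-D29E-11E1-8270-B8AC6F996F26}
2012-07-18 17:52:08 d w- C:\Users\Steve\AppData\Local\IGearSettings
2012-07-11 13:35:38 d w- C:\Program Files (x86)\MagicDisc
"""

AUTORUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?(?:-x64)?|StartupFolder): (?:\[(?P<name>[^\]]*)\])?\s*(?P<cmd>.*)$")
# A drive-letter path up to the first executable-ish extension; a quote ends a path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)
# Locations a standard user can write to; code autostarting from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|ProgramData|Temp|Windows\\Temp)\\", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s.*?([A-Za-z]:\\.*)$")


@dataclass
class Finding:
    kind: str                       # uRun / mRun / StartupFolder ...
    name: str                       # the [name] of the entry, or the .lnk file name
    path: str                       # the file that would be loaded
    severity: str                   # "high" or "review"
    reason: str
    created: Optional[date] = None  # when its directory appeared in 'Created Last 30'


def parse_created(text: str) -> List[Tuple[date, str]]:
    """(creation date, path) pairs from the 'Created Last 30' section."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out.append((date.fromisoformat(m.group(1)), m.group(2).strip()))
    return out


def created_on(path: str, created: List[Tuple[date, str]]) -> Optional[date]:
    """Creation date of the deepest listed directory that contains `path`, if any."""
    p = path.lower()
    best: Optional[Tuple[date, int]] = None
    for d, c in created:
        prefix = c.lower().rstrip("\\") + "\\"
        if p.startswith(prefix) and (best is None or len(prefix) > best[1]):
            best = (d, len(prefix))
    return best[0] if best else None


def triage(hjt_text: str, created_text: str) -> List[Finding]:
    """Flag autostart entries that load code from user-writable directories."""
    created = parse_created(created_text)
    findings: List[Finding] = []
    for line in hjt_text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        kind, name, cmd = m.group("kind"), m.group("name") or "", m.group("cmd")
        paths = PATH_RE.findall(cmd)
        if not paths:
            # An entry with no command is orphaned: inert, but residue of something.
            findings.append(Finding(kind, name, "", "review", "autorun entry with no command (orphaned)"))
            continue
        if kind == "StartupFolder" and len(paths) > 1:
            # The line reads "<shortcut> - <target>": name it after the shortcut, inspect the target.
            name, paths = paths[0].rsplit("\\", 1)[-1], paths[-1:]
        for path in paths:
            if not USER_WRITABLE_RE.search(path):
                continue  # Program Files / System32 targets are outside this heuristic
            rundll = bool(re.match(r"rundll32(?:\.exe)?\s", cmd, re.IGNORECASE)) and path.lower().endswith(".dll")
            if rundll:
                sev, why = "high", "rundll32 loads a DLL export from a user-writable directory"
            else:
                sev, why = "review", "autostart target lives in a user-writable directory"
            findings.append(Finding(kind, name, path, sev, why, created_on(path, created)))
    findings.sort(key=lambda f: (f.severity != "high", f.kind, f.name))
    return findings


if __name__ == "__main__":
    for f in triage(PSEUDO_HJT, CREATED_LAST_30):
        when = f" (directory created {f.created})" if f.created else ""
        print(f"[{f.severity:6}] {f.kind}: {f.name or '-'} -> {f.path or '-'}: {f.reason}{when}")
```

On the excerpt above the only "high" finding is the IGearSettings rundll32 entry, whose directory was created on 2012-07-18, which lines up with the "end of last week" the thread starter describes.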
  • Jon_01
    Jon_01 Posts: 5,914 Forumite
    waddler_8 wrote: »
    It's better to run Malwarebytes in normal mode. A driver it utilises for better detection & removal doesn't load in safe mode.

    Sorry, should have been more clear. I ran it in safe mode as well as normal mode. It can't find anything. . .
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Run aswMBR as below & post that log. Download it from the link below and save it to your desktop.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • OK any UAC prompt
    • If prompted, click NO to scan with Avast! virus definitions.
    • Click the Scan button.
    • After the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt here.
    Should it report something, don't try to fix anything with it yet, just post the log
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    By the way, uninstall Panda. Running two AVs is going to cause problems.
  • Jon_01
    Jon_01 Posts: 5,914 Forumite
    Thanks for all the help.

    Log below;

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-24 17:37:54
    17:37:54.943 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:37:54.943 Number of processors: 4 586 0x2505
    17:37:54.944 ComputerName: STEVE-PC UserName: Steve
    17:37:56.419 Initialize success
    17:38:07.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:38:07.263 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OCA0B Size: 305245MB BusType: 11
    17:38:07.292 Disk 0 MBR read successfully
    17:38:07.296 Disk 0 MBR scan
    17:38:07.299 Disk 0 Windows 7 default MBR code
    17:38:07.302 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 2055 MB offset 63
    17:38:07.321 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8618 MB offset 4210688
    17:38:07.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 195070 MB offset 21860352
    17:38:07.352 Disk 0 Partition - 00 0F Extended LBA 99500 MB offset 421363712
    17:38:07.385 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99499 MB offset 421365760
    17:38:07.419 Disk 0 scanning C:\Windows\system32\drivers
    17:38:14.674 Service scanning
    17:38:32.617 Modules scanning
    17:38:32.626 Disk 0 trace - called modules:
    17:38:32.982 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    17:38:32.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d3a060]
    17:38:33.000 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a30060]
    17:38:33.006 Scan finished successfully
    17:38:39.328 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    17:38:39.412 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
This discussion has been closed.