
possible virus/malware on my laptop?

Hi

I think my laptop is infected as the internet is doing funny things...

I don't know what's happened but basically when you type something in Google, and then click on the link to go to that website, instead of taking you there it now redirects you to other random websites, i.e. answergrab.com, clickscreen.net, shopr.com, and wonderwhat.biz just to name a few... I've also been redirected to a red screen saying "malware detected by windows, clicke here to remove" (which I haven't clicked on in case it's fake)...

If I type a website into my address bar then I can get to the page fine, but when I google something and then click on a link from Google, then I get redirected.

What's concerning me is that I have Norton 360 installed, so how come it didn't protect the laptop? I'm running a full system scan from Norton just now, once it's done I'll delete all cookies/internet files and hope it fixes itself.

I've read through the malware sticky but don't feel confident in doing that just now.

Will Norton 360 remove malware (assuming that's what it is)?

Thanks (HP Pavilion laptop with Windows 7)

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • DoA_2
    DoA_2 Posts: 35 Forumite
    Yup, sounds like Malware to me. You did the right thing NOT clicking on that, it most certainly is fake.

    Do as waddler suggests but also download a program called MalwareBytes .. Try running that in standard mode but then also in safe mode (reboot your computer and boot into safe mode (usually by hitting F8 when the computer starts)).

    As to why Norton didn't detect it ... I'd love to go down the usual route everyone does & suggest Norton is crap (it is, to a point) but actually it's because not all scanners catch all malware / viruses - some are better at some than others ... I have 3 installed so what 1 misses, another hopefully will catch.
  • Norton has just finished scanning and has said 42 risks found and deleted (which were tracking cookies) and I've deleted the search history/temp internet files and restarted but the issue is still there.

    I'll do the above shortly and report back, but out of curiosity, will that tell you exactly what the problem is and how to fix it?

    Thanks
  • DoA_2
    DoA_2 Posts: 35 Forumite
    Hopefully Malwarebytes finds & fixes the problem for you. Otherwise it might take more digging / googling / manual steps.

    As an aside, I use a (free) service called Dropbox which automatically syncs my most important files to an online account. That way, I know I can just reformat my computer, re-install Windows & my files will be automatically downloaded back to my computer ... absolute godsend as I've never lost a file yet!
  • DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Euphoria at 18:40:58 on 2013-01-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2285 [GMT 0:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Imy\nokia\adminservice.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\System32\hkcmd.exe
    C:\Imy\nokia\BtvStack.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Users\Euphoria\Desktop\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Imy\nokia\AthBtTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.blessle.com/
    uSearch Bar = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=87d58e8f-079d-4550-81e7-8e11e51146b7&searchtype=ds&q={searchTerms}
    uSearch Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=87d58e8f-079d-4550-81e7-8e11e51146b7&searchtype=ds&q={searchTerms}
    uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=87d58e8f-079d-4550-81e7-8e11e51146b7&searchtype=ds&q={searchTerms}
    mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Euph\nokia\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Nobln] rundll32 "C:\Users\Euphoria\AppData\Roaming\mcicdau.dll",Mljzycjpv
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Imy\nokia\IEPlugIn.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{04123437-7DCE-4D45-A18E-DC72CF2F09CA} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{04123437-7DCE-4D45-A18E-DC72CF2F09CA}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{04123437-7DCE-4D45-A18E-DC72CF2F09CA}\35B4956343231343 : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [AtherosBtStack] "C:\Imy\nokia\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Imy\nokia\AthBtTray.exe"
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-6-13 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-6-13 912504]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-2 37720]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-16 1388120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130122.001\IDSviA64.sys [2013-1-23 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-6-13 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-6-13 386168]
    R2 AtherosSvc;AtherosSvc;C:\Imy\nokia\AdminService.exe [2011-11-29 106144]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-5 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-5 2372096]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-13 130008]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Users\Imraan\Desktop\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-5 2656280]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-22 945328]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-11-29 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-11-29 330912]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-11-29 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-11-29 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-11-29 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-11-29 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-11-29 280992]
    R3 BthMtpEnum;Bluetooth MTP Device Enumerator;C:\Windows\System32\drivers\BthMtpEnum.sys [2009-7-14 64512]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-7-5 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-12-16 89640]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-3 317440]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-2 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-5 39976]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-3 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-5 335464]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\System32\drivers\s115bus.sys [2007-4-23 108296]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\System32\drivers\s115mdfl.sys [2007-4-23 19720]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\System32\drivers\s115mdm.sys [2007-4-23 144648]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s115mgmt.sys [2007-4-23 126216]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\System32\drivers\s115obex.sys [2007-4-23 123656]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-23 08:55:22 -------- d-----w- C:\Users\Euphoria\AppData\Local\{BAE9A9DE-603C-4ECE-B9AE-1EEAC10A8D69}
    2013-01-22 20:54:59 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F2698418-C8AE-4281-9428-237E5CA56FFE}
    2013-01-22 17:47:05 118784 --sha-r- C:\Users\Euphoria\AppData\Roaming\mcicdau.dll
    2013-01-22 08:54:24 -------- d-----w- C:\Users\Euphoria\AppData\Local\{40679712-7F24-43A1-B9EA-B6D2FE95331E}
    2013-01-21 20:33:46 -------- d-----w- C:\Users\Euphoria\AppData\Local\{BAE073EC-A276-41B8-B0CC-17836CE7C361}
    2013-01-21 08:33:23 -------- d-----w- C:\Users\Euphoria\AppData\Local\{3ECB6CEB-BBE3-4787-B0AD-0D8D4EECC940}
    2013-01-20 20:16:09 -------- d-----w- C:\Users\Euphoria\AppData\Local\{0FA4CCEC-A4EB-4D90-9D1A-B184A92A6C93}
    2013-01-20 08:06:43 -------- d-----w- C:\Users\Euphoria\AppData\Local\{FB51D3A2-2C41-4807-A1F6-A4108F387917}
    2013-01-19 12:11:22 -------- d-----w- C:\Users\Euphoria\AppData\Local\{06B6B2E1-AF87-4EB0-8A64-13A3FC8D1954}
    2013-01-18 08:47:23 -------- d-----w- C:\Users\Euphoria\AppData\Local\{4CB2C772-58C1-4A00-A63B-C418B2461576}
    2013-01-17 20:47:01 -------- d-----w- C:\Users\Euphoria\AppData\Local\{FB9E7FFF-F4F4-479E-A931-8EBB5B6F1201}
    2013-01-17 08:46:37 -------- d-----w- C:\Users\Euphoria\AppData\Local\{0A1FDFC3-7A8B-4E85-B86F-CAA4E87AE227}
    2013-01-16 20:39:01 -------- d-----w- C:\Users\Euphoria\AppData\Local\{87453711-186A-4EC3-AA00-DF717274DBD6}
    2013-01-16 08:30:16 -------- d-----w- C:\Users\Euphoria\AppData\Local\{722FA5D0-86A0-4FC0-BF71-23887981561F}
    2013-01-15 06:14:24 -------- d-----w- C:\Users\Euphoria\AppData\Local\{6A6739FA-92C6-4429-80E0-2A29288552B2}
    2013-01-14 12:17:30 -------- d-----w- C:\Users\Euphoria\AppData\Local\{87E7C422-4A93-476A-8BD7-1DE84A9F481F}
    2013-01-13 21:11:04 -------- d-----w- C:\Users\Euphoria\AppData\Local\{4AFEBE24-52CC-476C-98ED-DDEE954F2887}
    2013-01-13 09:10:53 -------- d-----w- C:\Users\Euphoria\AppData\Local\{AABCA3B9-9DD0-44A3-88A1-B50EEA1BFF4F}
    2013-01-12 08:41:13 -------- d-----w- C:\Users\Euphoria\AppData\Local\{D7C4E5A5-9B42-4E73-B0A9-86C9A1E52543}
    2013-01-11 20:33:57 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F0641363-4FDE-45C3-A216-50D06F02392F}
    2013-01-11 08:33:28 -------- d-----w- C:\Users\Euphoria\AppData\Local\{10C2ED89-6A03-4BFE-AF89-6DA20697612F}
    2013-01-10 20:14:54 -------- d-----w- C:\Users\Euphoria\AppData\Local\{CA687B99-1216-46C7-8CBC-2EC4DEC1384D}
    2013-01-10 08:14:29 -------- d-----w- C:\Users\Euphoria\AppData\Local\{9917AC77-4661-4FD4-9E7E-8BCD10EB1FAE}
    2013-01-09 08:45:04 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 08:45:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 08:43:49 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 08:43:49 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 08:26:31 -------- d-----w- C:\Users\Euphoria\AppData\Local\{B2308581-C8F6-4626-B8D6-6E22DDA0DDD9}
    2013-01-08 20:14:23 -------- d-----w- C:\Users\Euphoria\AppData\Local\{1AAE2BF7-6992-4631-A62C-A95BC7D579AA}
    2013-01-07 09:04:17 -------- d-----w- C:\Users\Euphoria\AppData\Local\{E6F3AF15-9D04-4562-8BB4-514E1C138A78}
    2013-01-06 12:26:01 -------- d-----w- C:\Users\Euphoria\AppData\Local\{CE771546-7BE6-478F-8F4A-6D6E59906C11}
    2013-01-05 21:03:21 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F9913F64-F571-4C82-9F70-89B095E9A3E8}
    2013-01-05 09:02:47 -------- d-----w- C:\Users\Euphoria\AppData\Local\{18500F0C-C491-4992-A8A5-40259B45C7D1}
    2013-01-04 21:02:12 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F024567F-9AEC-485A-B608-4776C8FB016F}
    2013-01-04 09:01:49 -------- d-----w- C:\Users\Euphoria\AppData\Local\{25293BE7-BC7D-4AD8-86D2-B771B15726FC}
    2013-01-03 20:14:24 -------- d-----w- C:\Users\Euphoria\AppData\Local\{A03CCF93-E97B-48D8-9663-2058D34B62D5}
    2013-01-03 08:14:01 -------- d-----w- C:\Users\Euphoria\AppData\Local\{2E464FF5-025C-4706-891C-3D680EEB4205}
    2013-01-02 19:45:38 -------- d-----w- C:\Users\Euphoria\AppData\Local\{1C28B1F1-2BD4-4F44-9878-B8BD20308070}
    2013-01-02 04:25:36 -------- d-----w- C:\Users\Euphoria\AppData\Local\{09D4D020-E045-46D0-9571-F056B8C11EE2}
    2013-01-01 11:58:49 -------- d-----w- C:\Users\Euphoria\AppData\Local\{22F4E975-745D-4F6E-8B65-347392C49739}
    2012-12-31 14:32:09 -------- d-----w- C:\Users\Euphoria\AppData\Local\{10B3F86D-24C5-4216-ACF3-A7E6B84D7039}
    2012-12-31 14:31:30 -------- d-----w- C:\Users\Euphoria\AppData\Local\{DB415E5B-660A-41D5-97BB-24EDAE613669}
    2012-12-30 20:54:41 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F9206900-A3EE-485A-9CA0-656701B2975A}
    2012-12-30 08:54:26 -------- d-----w- C:\Users\Euphoria\AppData\Local\{E2A65CC0-F698-4ACF-A739-C98C5092CAB0}
    2012-12-29 20:19:23 -------- d-----w- C:\Users\Euphoria\AppData\Local\{EFC43604-D643-490C-AB53-388B72BA3459}
    2012-12-29 20:19:17 -------- d-----w- C:\Users\Euphoria\AppData\Local\{B4815BF1-D141-40EB-8FA3-A2450F076A0D}
    2012-12-29 08:14:47 -------- d-----w- C:\Users\Euphoria\AppData\Local\{B7B0461C-F95F-4C81-B222-91D9A32B73F3}
    2012-12-28 20:09:45 -------- d-----w- C:\Users\Euphoria\AppData\Local\{F4B46E18-C333-4262-9B90-97EFE20644D1}
    2012-12-28 08:09:20 -------- d-----w- C:\Users\Euphoria\AppData\Local\{0C3036CA-5350-487F-9D4A-DCBB9B8D9F2B}
    2012-12-27 17:45:32 -------- d-----w- C:\Users\Euphoria\AppData\Local\{DBDAB020-0BBC-4B8A-AE91-C1DEDF3B9745}
    2012-12-26 09:43:10 -------- d-----w- C:\Users\Euphoria\AppData\Local\{90366137-DB95-4843-B56F-C972D821D3A3}
    2012-12-25 08:54:31 -------- d-----w- C:\Users\Euphoria\AppData\Local\{86FD1FB1-266C-4C9A-8E2C-EC89B36C04C6}
    2012-12-24 20:46:45 -------- d-----w- C:\Users\Euphoria\AppData\Local\{89AEAE57-6D6D-4CCC-9633-89349BBD97E5}
    .
    ==================== Find3M ====================
    .
    2013-01-22 17:08:55 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-01-09 18:46:22 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 18:46:22 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-21 09:19:49 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-12-21 09:19:49 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ============= FINISH: 18:41:39.45 ===============
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    uRun: [Nobln] rundll32 "C:\Users\Euphoria\AppData\Roaming\mcicdau.dll",Mljzycjpv

    Go here and read through the instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial
    • IMPORTANT! Ensure you temporarily turn off Norton before running.
      Instructions here
    • Save combofix to your desktop.
    • Double click combofix.exe & follow the prompts closely.
    • Combofix may reboot the PC several times.
    • When it's finished, it will automatically produce a log. Post the contents of that log.
    • It can also be found on your C:\ drive named combofix.txt
    Above all, BE PATIENT! and let it run its course.
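An added example, not part of the post above and not DDS's own code: a small triage script showing why an entry like the quoted `uRun` line stands out in a DDS log, namely `rundll32` being started at logon to load a DLL from a user-writable folder. The `mRun` sample lines, the folder list and the reading of `uRun`/`mRun` as the per-user and machine-wide Run keys are assumptions for illustration.

```python
import re

# DDS autorun line: "<hive>Run: [<value name>] <command line>".
# Assumption: uRun is the per-user (HKCU) Run key, mRun the machine-wide one.
RUN_LINE = re.compile(r'^(?P<hive>\w*Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
# rundll32[.exe] "<dll path>",<exported function>
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# Folders a standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r'''
uRun: [Nobln] rundll32 "C:\Users\Euphoria\AppData\Roaming\mcicdau.dll",Mljzycjpv
mRun: [SampleTray] C:\Windows\System32\rundll32.exe C:\Windows\System32\sample.dll,TrayInit
mRun: [SampleUpdater] "C:\Program Files\Sample\updater.exe" /background
'''

def triage(log_text):
    """Return autorun entries where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for line in log_text.splitlines():
        entry = RUN_LINE.match(line.strip())
        if not entry:
            continue  # not an autorun line
        call = RUNDLL.search(entry["cmd"])
        if not call:
            continue  # autorun entry, but not a rundll32 launch
        dll = call["dll"].strip()
        if any(part in dll.lower() for part in USER_WRITABLE):
            findings.append({
                "hive": entry["hive"],
                "name": entry["name"],
                "dll": dll,
                "export": call["export"],
                # Per-user Run keys can be written without admin rights.
                "per_user": entry["hive"].lower().startswith("u"),
            })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"REVIEW {f['hive']} [{f['name']}] -> {f['dll']} (export {f['export']})")
```

A hit is a lead for manual review, not a verdict: the flagged file still needs to be checked and removed with a proper cleanup tool.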
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    DoA wrote: »
    Do as waddler suggests but also download a program called MalwareBytes .. Try running that in standard mode but then also in safe mode (reboot your computer and boot into safe mode (usually by hitting F8 when the computer starts)).

    Mbam's designed to be at its best in normal mode.

    http://helpdesk.malwarebytes.org/entries/21892442-should-i-scan-with-malwarebytes-anti-malware-in-safe-mode
  • OK, thanks, I'll report back once done. FYI, DoA's Malwarebytes has just finished after an hour and came back all clean with nothing to report.
  • waddler_8 wrote: »
    Go here and read through the instructions for downloading and running ComboFix:


    Bleeping Computer ComboFix Tutorial
    • IMPORTANT! Ensure you temporarily turn off Norton before running.
      Instructions here
    • Save combofix to your desktop.
    • Double click combofix.exe & follow the prompts closely.
    • Combofix may reboot the PC several times.
    • When it's finished, it will automatically produce a log. Post the contents of that log.
    • It can also be found on your C:\ drive named combofix.txt
    Above all, BE PATIENT! and let it run its course.
    Hi, need help. I've clicked on the link above, I've saved FLV runner to desktop and ran it, and nothing really happens apart from an offer of toolbars and maps and stuff. I don't see combofix anywhere???
This discussion has been closed.