11 replies to this topic

[RupertHentzau]

Had Searchcore. net last month. Rkill run and where previously got clean bill MWB Pro, spotted 2 infected files, was still there after scan (symptions hotmail account playing totally up).

Totally reinstalled- no partitions.

Now IE playing up, which was the first sympton last time.

Last wednesday kept opening windows (weirdly so did my wife's laptop when I switched to that) and yahoo mail kept security flagging me that I was accessing mail from Netherlands, when I was in London.

Am I still infected or just paranoid?


Thanks guys.

Do have patience if I've not given correct info, novice to all this.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Martin at 15:37:06 on 2012-04-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2396 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{58D7F3AC-69AD-4E47-9036-8E575EE2E6CD} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5BA96F0-F698-4789-ACF4-B176B748C5E7} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\gw9qyw9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-18 09:43:25 -------- d-----w- C:\Program Files (x86)\Market Samurai
2012-04-18 05:07:19 -------- d-----w- C:\Users\Martin\AppData\Local\{B9942C70-AB80-4674-A88E-36434C428347}
2012-04-18 05:07:09 -------- d-----w- C:\Users\Martin\AppData\Local\{B33A4E46-E992-4810-A5FF-818809501250}
2012-04-17 08:43:18 -------- d-----w- C:\Users\Martin\AppData\Local\{C892B2D9-5E0D-4D0D-A22C-D428ADB9C25C}
2012-04-17 08:43:06 -------- d-----w- C:\Users\Martin\AppData\Local\{179275B1-3F30-4AA4-903F-9B57FE338AED}
2012-04-16 20:16:34 -------- d-----w- C:\Users\Martin\AppData\Local\{43195AF9-A15D-4FA7-805B-6DA96F72C587}
2012-04-16 20:16:23 -------- d-----w- C:\Users\Martin\AppData\Local\{D939CCB4-C08C-464B-8C2E-E0F0402D023F}
2012-04-16 08:16:09 -------- d-----w- C:\Users\Martin\AppData\Local\{C61DD24B-DECD-4FBB-96D5-E2571243EBD9}
2012-04-16 08:15:57 -------- d-----w- C:\Users\Martin\AppData\Local\{1687BE7D-8A08-4B3E-B312-E6771154F344}
2012-04-15 19:21:46 -------- d-----w- C:\Users\Martin\AppData\Local\{E09E47BD-D279-4B67-ACC6-C3C3D5BC2F41}
2012-04-15 19:21:35 -------- d-----w- C:\Users\Martin\AppData\Local\{5E2C1B29-8840-4CAF-8ECD-55BDF75DF72B}
2012-04-15 07:21:22 -------- d-----w- C:\Users\Martin\AppData\Local\{E3B53F65-AB6C-4E4B-8080-2342D16DE419}
2012-04-15 07:21:11 -------- d-----w- C:\Users\Martin\AppData\Local\{C04AF343-4F46-4EFE-B640-95B7DDF10032}
2012-04-14 19:20:57 -------- d-----w- C:\Users\Martin\AppData\Local\{BBB26C46-6236-470D-8AE4-14F4A3C33883}
2012-04-14 19:20:46 -------- d-----w- C:\Users\Martin\AppData\Local\{EDCAAD96-DC7A-4479-8567-A14560D2257C}
2012-04-14 14:48:01 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 07:20:31 -------- d-----w- C:\Users\Martin\AppData\Local\{F18BEF0F-A0BD-48D6-AB33-727E2FBA7408}
2012-04-14 07:20:19 -------- d-----w- C:\Users\Martin\AppData\Local\{284B7A63-6C81-49F1-94CA-DC62222BDD17}
2012-04-13 17:55:05 -------- d-----w- C:\Users\Martin\AppData\Local\{26BC4569-DCC4-4995-BF86-F0EC643F6D70}
2012-04-13 17:54:53 -------- d-----w- C:\Users\Martin\AppData\Local\{583950CE-E66C-4CC7-AC86-9C39E13BAB7E}
2012-04-13 10:13:41 -------- d-----w- C:\ProgramData\boost_interprocess
2012-04-13 10:13:19 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-13 05:54:40 -------- d-----w- C:\Users\Martin\AppData\Local\{F9E3C431-1293-4359-A24C-5706A58CD7DC}
2012-04-13 05:54:28 -------- d-----w- C:\Users\Martin\AppData\Local\{83A815BD-A238-4A9D-B32C-3CA5672FCC89}
2012-04-12 17:54:01 -------- d-----w- C:\Users\Martin\AppData\Local\{7278B8B3-7C8F-4A48-AFA3-13C52AFC8D77}
2012-04-12 17:53:49 -------- d-----w- C:\Users\Martin\AppData\Local\{719A12E0-CECC-473B-90DF-98954361D451}
2012-04-12 05:53:20 -------- d-----w- C:\Users\Martin\AppData\Local\{05D4DECA-FD91-420B-B532-40BFA8A7EE75}
2012-04-12 05:53:09 -------- d-----w- C:\Users\Martin\AppData\Local\{ED3714E4-B9F9-470C-8CC8-29BC8E536B91}
2012-04-12 05:09:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 05:09:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 05:09:53 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 05:09:53 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 05:09:53 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 05:09:53 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 05:09:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 20:51:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 20:51:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 20:51:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 17:52:43 -------- d-----w- C:\Users\Martin\AppData\Local\{644215ED-1808-46FF-9D1F-D5F689470F19}
2012-04-11 17:52:32 -------- d-----w- C:\Users\Martin\AppData\Local\{86702B0C-CEA9-40D2-A10F-857901959E23}
2012-04-11 05:52:04 -------- d-----w- C:\Users\Martin\AppData\Local\{62C6E83F-DEC9-4C1E-851E-CB2CB07F16C9}
2012-04-11 05:51:52 -------- d-----w- C:\Users\Martin\AppData\Local\{59902D72-362D-48AA-B715-9B3AA1FB90F4}
2012-04-10 17:51:25 -------- d-----w- C:\Users\Martin\AppData\Local\{7650005E-6AF8-42D6-A497-0F1DE56F4CF5}
2012-04-10 17:51:13 -------- d-----w- C:\Users\Martin\AppData\Local\{FE50D59D-559B-44AB-A186-56813EDC5E92}
2012-04-10 05:51:01 -------- d-----w- C:\Users\Martin\AppData\Local\{F82F999D-05F2-4F5A-96BF-833A5F74BC1D}
2012-04-10 05:50:49 -------- d-----w- C:\Users\Martin\AppData\Local\{ABE6C3FE-0AC8-4580-8ABB-0606FE236D21}
2012-04-09 17:50:23 -------- d-----w- C:\Users\Martin\AppData\Local\{981A10FB-4E35-4A1B-93C4-65DEFA204D41}
2012-04-09 17:50:12 -------- d-----w- C:\Users\Martin\AppData\Local\{7A4B9A1E-DDE4-405B-B2E8-0E9587D4D8AF}
2012-04-09 10:22:30 4916384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-04-09 05:49:59 -------- d-----w- C:\Users\Martin\AppData\Local\{5F6DB296-0169-4D1A-958E-A30406D525E4}
2012-04-09 05:49:48 -------- d-----w- C:\Users\Martin\AppData\Local\{6BFC1F6D-21C5-49BA-A59C-D9857F7474DD}
2012-04-08 17:49:21 -------- d-----w- C:\Users\Martin\AppData\Local\{670A4BBF-138C-4756-BB48-9DFCF9038B3E}
2012-04-08 17:49:10 -------- d-----w- C:\Users\Martin\AppData\Local\{3B723ACB-4DE2-41CB-98D0-47C61A131CFC}
2012-04-08 09:46:33 -------- d-----w- C:\Users\Martin\AppData\Local\Unity
2012-04-08 09:46:20 -------- d-----w- C:\Users\Martin\AppData\Local\Deployment
2012-04-08 09:46:20 -------- d-----w- C:\Users\Martin\AppData\Local\Apps
2012-04-08 05:48:55 -------- d-----w- C:\Users\Martin\AppData\Local\{1AE2C9F1-5DC0-4378-806E-6E3B11885B0E}
2012-04-08 05:48:44 -------- d-----w- C:\Users\Martin\AppData\Local\{43EBB5B0-B2A3-4C64-A359-9C7CC6D4C6E8}
2012-04-07 17:38:56 -------- d-----w- C:\Users\Martin\AppData\Local\{0F1DDBC2-E6C0-45E4-AF80-D9E2306615C5}
2012-04-07 17:38:45 -------- d-----w- C:\Users\Martin\AppData\Local\{C567D232-E6C4-40F7-ADED-F4D62C5E4798}
2012-04-07 10:31:15 -------- d-----w- C:\Users\Martin\AppData\Roaming\JonathanLeger.com
2012-04-07 10:31:15 -------- d-----w- C:\Users\Martin\AppData\Local\IsolatedStorage
2012-04-07 10:31:06 -------- d-----w- C:\Users\Martin\AppData\Local\JonathanLeger.com
2012-04-07 10:30:28 -------- d-----w- C:\Program Files (x86)\TheBestSpinner3
2012-04-07 10:27:30 -------- d-----w- C:\Users\Martin\AppData\Local\TheBestSpinner
2012-04-07 05:38:20 -------- d-----w- C:\Users\Martin\AppData\Local\{8BDF3E34-27E1-4869-91FB-B4BD46E2A365}
2012-04-07 05:38:09 -------- d-----w- C:\Users\Martin\AppData\Local\{B89DC5C4-3DEA-4192-823D-84FFD869416F}
2012-04-06 20:56:14 -------- d-----w- C:\Users\Martin\AppData\Local\Vagex
2012-04-06 17:37:43 -------- d-----w- C:\Users\Martin\AppData\Local\{28F28243-D5E1-44B2-AD66-37FE4E7B567E}
2012-04-06 17:37:33 -------- d-----w- C:\Users\Martin\AppData\Local\{56980446-B14A-4A47-9CD3-DAE9A91C5680}
2012-04-06 05:37:07 -------- d-----w- C:\Users\Martin\AppData\Local\{D69363EB-9E8B-4D52-B304-EBB2C7FACA46}
2012-04-06 05:36:57 -------- d-----w- C:\Users\Martin\AppData\Local\{20405D63-D367-47FF-9345-E5DB981F268E}
2012-04-06 05:36:56 -------- d-----w- C:\Users\Martin\AppData\Local\{5274CFB3-D142-4665-AB83-72DA1DC6C12A}
2012-04-06 05:07:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-06 05:07:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-06 04:40:38 -------- d-----w- C:\Windows\System32\SPReview
2012-04-06 04:39:21 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-05 17:36:30 -------- d-----w- C:\Users\Martin\AppData\Local\{96C5DE79-2D59-4227-842C-D4783D12153D}
2012-04-05 17:36:19 -------- d-----w- C:\Users\Martin\AppData\Local\{94798529-08FE-43CA-8934-A01AD83BD4B0}
2012-04-05 05:36:07 -------- d-----w- C:\Users\Martin\AppData\Local\{F1290D9B-75BE-43C2-B8A2-193AC30D6486}
2012-04-05 05:35:56 -------- d-----w- C:\Users\Martin\AppData\Local\{6E6598B9-4D5B-48E0-9DBB-7D85EE28F1F4}
2012-04-04 20:02:11 -------- d-----w- C:\Users\Martin\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2012-04-04 20:01:09 -------- d-----w- C:\Users\Martin\AppData\Local\Adobe
2012-04-04 17:35:30 -------- d-----w- C:\Users\Martin\AppData\Local\{AD4A945D-0429-4A3D-8D52-1CCD80FB1152}
2012-04-04 17:35:19 -------- d-----w- C:\Users\Martin\AppData\Local\{EB293F20-3C1D-49AF-837D-720A4B606CF3}
2012-04-04 05:34:50 -------- d-----w- C:\Users\Martin\AppData\Local\{16FF82A6-3FCC-43BA-824D-C373F172520E}
2012-04-04 05:34:39 -------- d-----w- C:\Users\Martin\AppData\Local\{88D89B32-1D40-43D0-9CD9-AE14F2755117}
2012-04-04 05:24:16 -------- d-----w- C:\Users\Martin\AppData\Local\Mozilla
2012-04-04 05:22:59 81920 ----a-w- C:\Windows\SysWow64\userenv.dll
2012-04-04 05:21:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-04-04 05:21:57 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-04-04 05:21:57 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-04-04 05:20:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-04-04 05:20:52 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-04-04 05:20:48 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-04-04 04:58:13 -------- d-----w- C:\Users\Martin\AppData\Roaming\Malwarebytes
2012-04-04 04:58:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-04 04:58:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-04 04:58:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 04:55:59 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-04-04 04:55:59 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-04-04 04:55:59 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-04-04 04:55:59 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-04-04 04:40:04 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-04 04:40:04 -------- d-----w- C:\Windows\System32\Wat
2012-04-03 21:07:13 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-04-03 18:51:31 -------- d-----w- C:\Users\Martin\AppData\Local\Google
2012-04-03 18:51:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-03 18:51:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 17:34:15 -------- d-----w- C:\Users\Martin\AppData\Local\{4753EF42-633F-4A90-943B-74C96477177A}
2012-04-03 07:13:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-03 07:13:41 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-04-03 07:13:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-03 05:05:43 14744 ----a-w- C:\Users\Martin\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-04-03 05:03:48 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-03 04:35:59 -------- d-----w- C:\Users\Martin\AppData\Local\{2E4A2783-3E96-4ED2-8D88-0DC5F9BBD4AC}
2012-04-03 04:35:45 -------- d-----w- C:\Users\Martin\Tracing
2012-04-03 04:26:13 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-04-03 04:26:13 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-04-03 04:24:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-04-03 04:23:43 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-04-03 04:22:32 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-04-03 04:22:32 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-04-03 04:22:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-04-03 04:22:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-04-03 04:22:32 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-04-03 04:22:32 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-04-03 04:22:14 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-04-03 04:20:54 642944 ----a-w- C:\Windows\System32\winload.efi
2012-04-03 04:19:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-03 04:19:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-04-03 04:19:58 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-04-03 04:19:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-04-03 04:19:57 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-03 04:19:57 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-03 04:19:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-03 04:19:54 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-03 04:19:44 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-03 04:19:44 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-03 04:19:27 244736 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-04-03 04:19:23 189952 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-04-03 04:12:47 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-03 04:12:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-03 04:10:12 -------- d-----w- C:\Windows\PCHEALTH
2012-04-03 04:07:07 -------- d-----w- C:\Users\Martin\AppData\Local\Microsoft Help
2012-04-02 20:20:11 -------- d-----w- C:\Windows\Panther
2012-04-02 20:19:46 -------- d-----w- C:\Windows\System32\oem
2012-04-02 19:21:33 0 ----a-w- C:\Windows\ativpsrm.bin
2012-04-02 18:40:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-02 18:40:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-02 18:40:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-02 18:40:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-02 18:40:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-02 13:14:59 -------- d-----w- C:\Program Files (x86)\Belkin
2012-04-02 13:06:38 -------- d-----w- C:\Users\Martin\AppData\Roaming\AVG2012
2012-04-02 13:06:00 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-02 13:05:48 -------- d--h--w- C:\$AVG
2012-04-02 13:05:48 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-02 13:05:48 -------- d-----w- C:\ProgramData\AVG2012
2012-04-02 13:05:20 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-02 13:02:39 -------- d--h--w- C:\ProgramData\Common Files
2012-04-02 13:02:27 -------- d-----w- C:\ProgramData\MFAData
2012-04-02 12:44:31 40464 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-04-02 12:43:03 -------- d-----w- C:\Windows\{72E4A482-6DE7-406D-A6CD-59EF1123B0C9}
2012-04-02 12:29:44 -------- d-----w- C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2012-04-02 12:25:59 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AB8F123-AD1A-450C-B236-20AEFCDA53AB}\mpengine.dll
2012-04-02 12:25:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-02 11:47:03 45056 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-04-02 11:47:03 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-04-02 11:47:03 -------- d-----w- C:\Program Files (x86)\Dell
2012-04-02 11:46:44 -------- d-sh--w- C:\Windows\Installer
2012-04-02 11:35:53 -------- d-----w- C:\Users\Martin\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2012-04-06 04:48:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-06 04:48:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 04:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 04:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 03:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 15:38:03.50 ===============

Attached Files

•  DDS.txt   26.59KB   26 downloads
•  Attach.txt   9.2KB   12 downloads

[LDTate]

Logs will be closed if you haven't replied within 3 days


Please don't attach the scans / logs for these tools, use "copy/paste".


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Are you using a router?

[RupertHentzau]

Yes I use a router

[LDTate]

Let’s try to reset the router to its default configuration.

• This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  
• Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  
• You also need to reconfigure any security settings you had in place prior to the reset.
  
• You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

[RupertHentzau]

I'm a little confused here.

Is there something wrong?

By 'you need to configure any security settings' where and what security settings?

I've found out what dns servers my network should be using. But at a loss as to what I should do with that information?

Thanks for your help (and patience).

[LDTate]

Last wednesday kept opening windows (weirdly so did my wife's laptop when I switched to that) and yahoo mail kept security flagging me that I was accessing mail from Netherlands, when I was in London.

Quote

You stated both were doing the same thing so that usually is an indication you have a router infection.

[RupertHentzau]

Even to a novice like me it seemed 'unusual' and I've just got the feeling whatever it was has come back.

Could you tell me what you meant by security settings? Windows or malwarebytes settings ? and how would I do this please?

[LDTate]

Security settings in the router, like a password to access the router.

[LDTate]

Did that work?

[RupertHentzau]

I've reset the router. The factory settings were so easily available to anyone it is no wonder they are hacked. Unfortunately the router won't let me reset it's password.

Speaking to their technical guy this morning. I'll post you the details mid morning. Thanks for your help

[LDTate]

OK

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!