RupertHentzau

Total Reinstall But Puter Playing up again

12 posts in this topic

Had Searchcore.net last month. Rkill run and, where previously MWB Pro had given a clean bill, it spotted 2 infected files; it was still there after the scan (symptoms: Hotmail account playing totally up).

Totally reinstalled, no partitions.

Now IE playing up, which was the first symptom last time.

Last Wednesday it kept opening windows (weirdly so did my wife's laptop when I switched to that) and Yahoo mail kept security-flagging me that I was accessing mail from the Netherlands, when I was in London.

Am I still infected or just paranoid?

Thanks guys.

Do have patience if I've not given correct info; I'm a novice to all this.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Martin at 15:37:06 on 2012-04-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2396 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.co.uk/

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{58D7F3AC-69AD-4E47-9036-8E575EE2E6CD} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A5BA96F0-F698-4789-ACF4-B176B748C5E7} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\gw9qyw9s.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll

FF - plugin: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-18 09:43:25 -------- d-----w- C:\Program Files (x86)\Market Samurai

2012-04-18 05:07:19 -------- d-----w- C:\Users\Martin\AppData\Local\{B9942C70-AB80-4674-A88E-36434C428347}

2012-04-18 05:07:09 -------- d-----w- C:\Users\Martin\AppData\Local\{B33A4E46-E992-4810-A5FF-818809501250}

2012-04-17 08:43:18 -------- d-----w- C:\Users\Martin\AppData\Local\{C892B2D9-5E0D-4D0D-A22C-D428ADB9C25C}

2012-04-17 08:43:06 -------- d-----w- C:\Users\Martin\AppData\Local\{179275B1-3F30-4AA4-903F-9B57FE338AED}

2012-04-16 20:16:34 -------- d-----w- C:\Users\Martin\AppData\Local\{43195AF9-A15D-4FA7-805B-6DA96F72C587}

2012-04-16 20:16:23 -------- d-----w- C:\Users\Martin\AppData\Local\{D939CCB4-C08C-464B-8C2E-E0F0402D023F}

2012-04-16 08:16:09 -------- d-----w- C:\Users\Martin\AppData\Local\{C61DD24B-DECD-4FBB-96D5-E2571243EBD9}

2012-04-16 08:15:57 -------- d-----w- C:\Users\Martin\AppData\Local\{1687BE7D-8A08-4B3E-B312-E6771154F344}

2012-04-15 19:21:46 -------- d-----w- C:\Users\Martin\AppData\Local\{E09E47BD-D279-4B67-ACC6-C3C3D5BC2F41}

2012-04-15 19:21:35 -------- d-----w- C:\Users\Martin\AppData\Local\{5E2C1B29-8840-4CAF-8ECD-55BDF75DF72B}

2012-04-15 07:21:22 -------- d-----w- C:\Users\Martin\AppData\Local\{E3B53F65-AB6C-4E4B-8080-2342D16DE419}

2012-04-15 07:21:11 -------- d-----w- C:\Users\Martin\AppData\Local\{C04AF343-4F46-4EFE-B640-95B7DDF10032}

2012-04-14 19:20:57 -------- d-----w- C:\Users\Martin\AppData\Local\{BBB26C46-6236-470D-8AE4-14F4A3C33883}

2012-04-14 19:20:46 -------- d-----w- C:\Users\Martin\AppData\Local\{EDCAAD96-DC7A-4479-8567-A14560D2257C}

2012-04-14 14:48:01 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-14 07:20:31 -------- d-----w- C:\Users\Martin\AppData\Local\{F18BEF0F-A0BD-48D6-AB33-727E2FBA7408}

2012-04-14 07:20:19 -------- d-----w- C:\Users\Martin\AppData\Local\{284B7A63-6C81-49F1-94CA-DC62222BDD17}

2012-04-13 17:55:05 -------- d-----w- C:\Users\Martin\AppData\Local\{26BC4569-DCC4-4995-BF86-F0EC643F6D70}

2012-04-13 17:54:53 -------- d-----w- C:\Users\Martin\AppData\Local\{583950CE-E66C-4CC7-AC86-9C39E13BAB7E}

2012-04-13 10:13:41 -------- d-----w- C:\ProgramData\boost_interprocess

2012-04-13 10:13:19 -------- d-----r- C:\Program Files (x86)\Skype

2012-04-13 05:54:40 -------- d-----w- C:\Users\Martin\AppData\Local\{F9E3C431-1293-4359-A24C-5706A58CD7DC}

2012-04-13 05:54:28 -------- d-----w- C:\Users\Martin\AppData\Local\{83A815BD-A238-4A9D-B32C-3CA5672FCC89}

2012-04-12 17:54:01 -------- d-----w- C:\Users\Martin\AppData\Local\{7278B8B3-7C8F-4A48-AFA3-13C52AFC8D77}

2012-04-12 17:53:49 -------- d-----w- C:\Users\Martin\AppData\Local\{719A12E0-CECC-473B-90DF-98954361D451}

2012-04-12 05:53:20 -------- d-----w- C:\Users\Martin\AppData\Local\{05D4DECA-FD91-420B-B532-40BFA8A7EE75}

2012-04-12 05:53:09 -------- d-----w- C:\Users\Martin\AppData\Local\{ED3714E4-B9F9-470C-8CC8-29BC8E536B91}

2012-04-12 05:09:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 05:09:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 05:09:53 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 05:09:53 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 05:09:53 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 05:09:53 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 05:09:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 20:51:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-11 20:51:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-11 20:51:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-11 17:52:43 -------- d-----w- C:\Users\Martin\AppData\Local\{644215ED-1808-46FF-9D1F-D5F689470F19}

2012-04-11 17:52:32 -------- d-----w- C:\Users\Martin\AppData\Local\{86702B0C-CEA9-40D2-A10F-857901959E23}

2012-04-11 05:52:04 -------- d-----w- C:\Users\Martin\AppData\Local\{62C6E83F-DEC9-4C1E-851E-CB2CB07F16C9}

2012-04-11 05:51:52 -------- d-----w- C:\Users\Martin\AppData\Local\{59902D72-362D-48AA-B715-9B3AA1FB90F4}

2012-04-10 17:51:25 -------- d-----w- C:\Users\Martin\AppData\Local\{7650005E-6AF8-42D6-A497-0F1DE56F4CF5}

2012-04-10 17:51:13 -------- d-----w- C:\Users\Martin\AppData\Local\{FE50D59D-559B-44AB-A186-56813EDC5E92}

2012-04-10 05:51:01 -------- d-----w- C:\Users\Martin\AppData\Local\{F82F999D-05F2-4F5A-96BF-833A5F74BC1D}

2012-04-10 05:50:49 -------- d-----w- C:\Users\Martin\AppData\Local\{ABE6C3FE-0AC8-4580-8ABB-0606FE236D21}

2012-04-09 17:50:23 -------- d-----w- C:\Users\Martin\AppData\Local\{981A10FB-4E35-4A1B-93C4-65DEFA204D41}

2012-04-09 17:50:12 -------- d-----w- C:\Users\Martin\AppData\Local\{7A4B9A1E-DDE4-405B-B2E8-0E9587D4D8AF}

2012-04-09 10:22:30 4916384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-04-09 05:49:59 -------- d-----w- C:\Users\Martin\AppData\Local\{5F6DB296-0169-4D1A-958E-A30406D525E4}

2012-04-09 05:49:48 -------- d-----w- C:\Users\Martin\AppData\Local\{6BFC1F6D-21C5-49BA-A59C-D9857F7474DD}

2012-04-08 17:49:21 -------- d-----w- C:\Users\Martin\AppData\Local\{670A4BBF-138C-4756-BB48-9DFCF9038B3E}

2012-04-08 17:49:10 -------- d-----w- C:\Users\Martin\AppData\Local\{3B723ACB-4DE2-41CB-98D0-47C61A131CFC}

2012-04-08 09:46:33 -------- d-----w- C:\Users\Martin\AppData\Local\Unity

2012-04-08 09:46:20 -------- d-----w- C:\Users\Martin\AppData\Local\Deployment

2012-04-08 09:46:20 -------- d-----w- C:\Users\Martin\AppData\Local\Apps

2012-04-08 05:48:55 -------- d-----w- C:\Users\Martin\AppData\Local\{1AE2C9F1-5DC0-4378-806E-6E3B11885B0E}

2012-04-08 05:48:44 -------- d-----w- C:\Users\Martin\AppData\Local\{43EBB5B0-B2A3-4C64-A359-9C7CC6D4C6E8}

2012-04-07 17:38:56 -------- d-----w- C:\Users\Martin\AppData\Local\{0F1DDBC2-E6C0-45E4-AF80-D9E2306615C5}

2012-04-07 17:38:45 -------- d-----w- C:\Users\Martin\AppData\Local\{C567D232-E6C4-40F7-ADED-F4D62C5E4798}

2012-04-07 10:31:15 -------- d-----w- C:\Users\Martin\AppData\Roaming\JonathanLeger.com

2012-04-07 10:31:15 -------- d-----w- C:\Users\Martin\AppData\Local\IsolatedStorage

2012-04-07 10:31:06 -------- d-----w- C:\Users\Martin\AppData\Local\JonathanLeger.com

2012-04-07 10:30:28 -------- d-----w- C:\Program Files (x86)\TheBestSpinner3

2012-04-07 10:27:30 -------- d-----w- C:\Users\Martin\AppData\Local\TheBestSpinner

2012-04-07 05:38:20 -------- d-----w- C:\Users\Martin\AppData\Local\{8BDF3E34-27E1-4869-91FB-B4BD46E2A365}

2012-04-07 05:38:09 -------- d-----w- C:\Users\Martin\AppData\Local\{B89DC5C4-3DEA-4192-823D-84FFD869416F}

2012-04-06 20:56:14 -------- d-----w- C:\Users\Martin\AppData\Local\Vagex

2012-04-06 17:37:43 -------- d-----w- C:\Users\Martin\AppData\Local\{28F28243-D5E1-44B2-AD66-37FE4E7B567E}

2012-04-06 17:37:33 -------- d-----w- C:\Users\Martin\AppData\Local\{56980446-B14A-4A47-9CD3-DAE9A91C5680}

2012-04-06 05:37:07 -------- d-----w- C:\Users\Martin\AppData\Local\{D69363EB-9E8B-4D52-B304-EBB2C7FACA46}

2012-04-06 05:36:57 -------- d-----w- C:\Users\Martin\AppData\Local\{20405D63-D367-47FF-9345-E5DB981F268E}

2012-04-06 05:36:56 -------- d-----w- C:\Users\Martin\AppData\Local\{5274CFB3-D142-4665-AB83-72DA1DC6C12A}

2012-04-06 05:07:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-06 05:07:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-06 04:40:38 -------- d-----w- C:\Windows\System32\SPReview

2012-04-06 04:39:21 -------- d-----w- C:\Windows\System32\EventProviders

2012-04-05 17:36:30 -------- d-----w- C:\Users\Martin\AppData\Local\{96C5DE79-2D59-4227-842C-D4783D12153D}

2012-04-05 17:36:19 -------- d-----w- C:\Users\Martin\AppData\Local\{94798529-08FE-43CA-8934-A01AD83BD4B0}

2012-04-05 05:36:07 -------- d-----w- C:\Users\Martin\AppData\Local\{F1290D9B-75BE-43C2-B8A2-193AC30D6486}

2012-04-05 05:35:56 -------- d-----w- C:\Users\Martin\AppData\Local\{6E6598B9-4D5B-48E0-9DBB-7D85EE28F1F4}

2012-04-04 20:02:11 -------- d-----w- C:\Users\Martin\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1

2012-04-04 20:01:09 -------- d-----w- C:\Users\Martin\AppData\Local\Adobe

2012-04-04 17:35:30 -------- d-----w- C:\Users\Martin\AppData\Local\{AD4A945D-0429-4A3D-8D52-1CCD80FB1152}

2012-04-04 17:35:19 -------- d-----w- C:\Users\Martin\AppData\Local\{EB293F20-3C1D-49AF-837D-720A4B606CF3}

2012-04-04 05:34:50 -------- d-----w- C:\Users\Martin\AppData\Local\{16FF82A6-3FCC-43BA-824D-C373F172520E}

2012-04-04 05:34:39 -------- d-----w- C:\Users\Martin\AppData\Local\{88D89B32-1D40-43D0-9CD9-AE14F2755117}

2012-04-04 05:24:16 -------- d-----w- C:\Users\Martin\AppData\Local\Mozilla

2012-04-04 05:22:59 81920 ----a-w- C:\Windows\SysWow64\userenv.dll

2012-04-04 05:21:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2012-04-04 05:21:57 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2012-04-04 05:21:57 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2012-04-04 05:20:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-04-04 05:20:52 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-04-04 05:20:48 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-04-04 04:58:13 -------- d-----w- C:\Users\Martin\AppData\Roaming\Malwarebytes

2012-04-04 04:58:08 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-04 04:58:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-04 04:58:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-04 04:55:59 96768 ----a-w- C:\Windows\System32\fsutil.exe

2012-04-04 04:55:59 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2012-04-04 04:55:59 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2012-04-04 04:55:59 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2012-04-04 04:40:04 -------- d-----w- C:\Windows\SysWow64\Wat

2012-04-04 04:40:04 -------- d-----w- C:\Windows\System32\Wat

2012-04-03 21:07:13 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-04-03 18:51:31 -------- d-----w- C:\Users\Martin\AppData\Local\Google

2012-04-03 18:51:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-03 18:51:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-03 17:34:15 -------- d-----w- C:\Users\Martin\AppData\Local\{4753EF42-633F-4A90-943B-74C96477177A}

2012-04-03 07:13:41 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-04-03 07:13:41 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-04-03 07:13:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-04-03 05:05:43 14744 ----a-w- C:\Users\Martin\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2012-04-03 05:03:48 -------- d-----w- C:\Program Files (x86)\MSECache

2012-04-03 04:35:59 -------- d-----w- C:\Users\Martin\AppData\Local\{2E4A2783-3E96-4ED2-8D88-0DC5F9BBD4AC}

2012-04-03 04:35:45 -------- d-----w- C:\Users\Martin\Tracing

2012-04-03 04:26:13 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-04-03 04:26:13 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-04-03 04:24:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-04-03 04:23:43 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-04-03 04:22:32 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2012-04-03 04:22:32 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-04-03 04:22:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-04-03 04:22:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-04-03 04:22:32 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-04-03 04:22:32 100864 ----a-w- C:\Windows\System32\fontsub.dll

2012-04-03 04:22:14 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-04-03 04:20:54 642944 ----a-w- C:\Windows\System32\winload.efi

2012-04-03 04:19:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-04-03 04:19:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-04-03 04:19:58 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-04-03 04:19:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-04-03 04:19:57 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-04-03 04:19:57 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-04-03 04:19:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-04-03 04:19:54 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-04-03 04:19:44 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-04-03 04:19:44 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-04-03 04:19:27 244736 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-04-03 04:19:23 189952 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-04-03 04:12:47 77312 ----a-w- C:\Windows\System32\packager.dll

2012-04-03 04:12:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-04-03 04:10:12 -------- d-----w- C:\Windows\PCHEALTH

2012-04-03 04:07:07 -------- d-----w- C:\Users\Martin\AppData\Local\Microsoft Help

2012-04-02 20:20:11 -------- d-----w- C:\Windows\Panther

2012-04-02 20:19:46 -------- d-----w- C:\Windows\System32\oem

2012-04-02 19:21:33 0 ----a-w- C:\Windows\ativpsrm.bin

2012-04-02 18:40:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-02 18:40:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-04-02 18:40:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-04-02 18:40:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-02 18:40:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-04-02 13:14:59 -------- d-----w- C:\Program Files (x86)\Belkin

2012-04-02 13:06:38 -------- d-----w- C:\Users\Martin\AppData\Roaming\AVG2012

2012-04-02 13:06:00 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-04-02 13:05:48 -------- d--h--w- C:\$AVG

2012-04-02 13:05:48 -------- d-----w- C:\Windows\System32\drivers\AVG

2012-04-02 13:05:48 -------- d-----w- C:\ProgramData\AVG2012

2012-04-02 13:05:20 -------- d-----w- C:\Program Files (x86)\AVG

2012-04-02 13:02:39 -------- d--h--w- C:\ProgramData\Common Files

2012-04-02 13:02:27 -------- d-----w- C:\ProgramData\MFAData

2012-04-02 12:44:31 40464 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-04-02 12:43:03 -------- d-----w- C:\Windows\{72E4A482-6DE7-406D-A6CD-59EF1123B0C9}

2012-04-02 12:29:44 -------- d-----w- C:\Users\Martin\AppData\Local\ElevatedDiagnostics

2012-04-02 12:25:59 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AB8F123-AD1A-450C-B236-20AEFCDA53AB}\mpengine.dll

2012-04-02 12:25:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-04-02 11:47:03 45056 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe

2012-04-02 11:47:03 -------- d-----w- C:\Windows\SysWow64\vmm32

2012-04-02 11:47:03 -------- d-----w- C:\Program Files (x86)\Dell

2012-04-02 11:46:44 -------- d-sh--w- C:\Windows\Installer

2012-04-02 11:35:53 -------- d-----w- C:\Users\Martin\AppData\Local\Diagnostics

.

==================== Find3M ====================

.

2012-04-06 04:48:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-04-06 04:48:58 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-22 04:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-02-22 04:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 03:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

.

============= FINISH: 15:38:03.50 ===============



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Are you using a router?


Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

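
What to actually do with the list of DNS servers the ISP gives you, as an added example that is not part of any post in this thread: the script below reads the resolvers out of `ipconfig /all`, labels each one as ISP-listed, as the router itself (a LAN address, so the router's own upstream DNS page is what needs checking after the reset), or as an unexpected public server, and then builds a raw DNS A query so the same name can be resolved through the router and through a resolver you trust and the answers compared. The ipconfig text and the response bytes are constructed test data; 203.0.113.x and 198.51.100.x are RFC 5737 documentation addresses standing in for the real ISP resolvers and for a rogue one, and the two "expected" addresses are an assumption, not something from the thread.

```python
"""Check the DNS resolvers a Windows host uses against the ISP's list.

Added example for this thread, not code from any of the posts.  The ipconfig
text and response bytes are constructed; 203.0.113.x / 198.51.100.x are RFC 5737
documentation addresses standing in for the ISP's resolvers and a rogue one.
"""
import ipaddress
import re
import socket
import struct

EXPECTED_DNS = {"203.0.113.53", "203.0.113.54"}   # assumption: what the ISP named

# A resolver on RFC 1918 space is the home router forwarding upstream, so the
# router's own WAN DNS setting is what then needs checking.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_IP_ONLY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Constructed `ipconfig /all` excerpt: the router plus a server the ISP never named.
SAMPLE_IPCONFIG = """
Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed reply to build_query("example.com"): one A record, compressed name.
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xcb\x00\x71\x0a")


def dns_servers(ipconfig_text):
    """All 'DNS Servers' entries, including the indented continuation lines
    Windows prints when more than one resolver is configured."""
    found, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line and ":" in line:
            found.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and (m := _IP_ONLY.match(line)):
            found.append(m.group(1))
        else:
            collecting = False
    return found


def classify(servers, expected=EXPECTED_DNS):
    """'expected': on the ISP's list.  'router': LAN address, so inspect the
    router's upstream DNS page.  'unexpected': public resolver the ISP never named."""
    labels = {}
    for s in servers:
        if s in expected:
            labels[s] = "expected"
        elif any(ipaddress.ip_address(s) in net for net in _RFC1918):
            labels[s] = "router"
        else:
            labels[s] = "unexpected"
    return labels


def build_query(name, txid=0x1234):
    """Minimal RFC 1035 A/IN query with recursion desired."""
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in name.strip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _skip_name(buf, off):
    """Advance past a label sequence or a two-byte compression pointer."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n


def a_records(response):
    """IPv4 strings from the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", response[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(response, off) + 4            # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append(socket.inet_ntoa(response[off:off + 4]))
        off += rdlen
    return out


def resolve_a(name, server, timeout=3.0):
    """Query one resolver over UDP/53.  Run it against the router (the log's
    DhcpNameServer) and against a resolver you trust; differing answers for the
    same stable name point at the router's upstream DNS, not at the PC."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    if data[:2] != q[:2]:
        raise ValueError("DNS transaction id mismatch")
    return a_records(data)
```

On the log above the router (192.168.0.1) is the only resolver the PC sees, so `classify` can only say "router"; the comparison in `resolve_a` is what exposes a changed upstream, and it is worth repeating from the second machine on the same LAN since the thread notes both showed the symptom.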

I'm a little confused here.

Is there something wrong?

By 'you need to reconfigure any security settings', where and what security settings?

I've found out what DNS servers my network should be using, but I'm at a loss as to what I should do with that information.

Thanks for your help (and patience).


Last Wednesday it kept opening windows (weirdly so did my wife's laptop when I switched to that) and Yahoo mail kept security-flagging me that I was accessing mail from the Netherlands, when I was in London.

You stated both were doing the same thing so that usually is an indication you have a router infection.


Even to a novice like me it seemed 'unusual' and I've just got the feeling whatever it was has come back.

Could you tell me what you meant by security settings? Windows or Malwarebytes settings? And how would I do this, please?


Security settings in the router, like a password to access the router.


I've reset the router. The factory settings were so easily available to anyone it is no wonder they get hacked. Unfortunately the router won't let me reset its password.

Speaking to their technical guy this morning. I'll post you the details mid-morning. Thanks for your help.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
