Ads all over facebook, fake statuses of friends.


  • This topic is locked

#1
boomerang531

boomerang531

    Member

  • Member
  • 13 posts
I recently downloaded 7-zip from www.download-free.com; it was from a Google-sponsored link, so I thought it would be safe. The installation did not complete as AVG intervened, but ever since, there has been an insane amount of ads on my Facebook, even in between the newsfeed. I know it's adware, but all scans don't seem to find it.

Here is my OTL report. Thank you very much for your time.


OTL logfile created on: 7/21/2011 4:42:43 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Roy\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.95 Mb Total Physical Memory | 195.64 Mb Available Physical Memory | 19.29% Memory free
1.99 Gb Paging File | 0.96 Gb Available in Paging File | 48.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 38.07 Gb Free Space | 26.61% Space Free | Partition Type: NTFS

Computer Name: ROY-PC | User Name: Roy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 16:30:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Downloads\OTL.exe
PRC - [2011/06/03 00:56:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/14 08:08:18 | 000,303,104 | ---- | M] (Tiger Green Productions LLC) -- C:\Program Files\X3watch\x3watch.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


========== Modules (SafeList) ==========

MOD - [2011/07/21 16:30:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Downloads\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/20 17:51:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/02 04:19:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 FA 91 99 63 38 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/13 17:48:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe (Tiger Green Productions LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Diagnostics
[2011/07/20 19:02:32 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/20 19:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/20 17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/07/20 17:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011/07/20 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/07/20 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/07/20 17:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/20 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/20 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/07/14 23:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/07/14 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\uTorrent
[2011/07/14 23:14:19 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\uTorrent
[2011/07/08 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Skype
[2011/07/08 17:34:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/08 17:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/08 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/05 18:47:46 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Apple Computer
[2011/07/05 18:47:46 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Apple Computer
[2011/07/05 18:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/05 18:47:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/05 18:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/05 18:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/05 18:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/05 18:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/07/05 18:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/05 18:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/07/05 18:40:56 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Apple
[2011/07/05 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/05 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/05 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/07/05 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/07/05 17:53:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/07/05 17:52:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/07/05 17:28:40 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/07/05 17:03:49 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/04 11:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/02 04:20:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/07/02 03:58:30 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Macromedia
[2011/07/02 03:58:29 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Adobe
[2011/07/02 03:57:25 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/02 03:55:01 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Google
[2011/07/02 03:54:03 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Apps
[2011/07/02 03:54:02 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Deployment
[2011/07/02 00:31:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/07/02 00:31:36 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/07/02 00:10:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/01 23:35:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/07/01 23:33:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/07/01 23:32:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/01 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\x3watch
[2011/07/01 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\x3watch
[2011/07/01 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3watch
[2011/07/01 22:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\X3watch
[2011/07/01 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\AVG10
[2011/07/01 22:16:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/01 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/01 22:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/01 22:14:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/01 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/01 22:07:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/01 22:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/01 21:58:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/07/01 21:53:00 | 000,000,000 | R--D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/01 21:53:00 | 000,000,000 | R--D | C] -- C:\Users\Roy\Searches
[2011/07/01 21:53:00 | 000,000,000 | R--D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/01 21:53:00 | 000,000,000 | -H-D | C] -- C:\Users\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/01 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Identities
[2011/07/01 21:52:47 | 000,000,000 | R--D | C] -- C:\Users\Roy\Contacts
[2011/07/01 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\VirtualStore
[2011/07/01 21:52:35 | 000,000,000 | --SD | C] -- C:\Users\Roy\AppData\Roaming\Microsoft
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Videos
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Saved Games
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Pictures
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Music
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Links
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Favorites
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Downloads
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Documents
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\Desktop
[2011/07/01 21:52:35 | 000,000,000 | R--D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\AppData\Local\Temporary Internet Files
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Templates
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Start Menu
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\SendTo
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Recent
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\PrintHood
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\NetHood
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Documents\My Videos
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Documents\My Pictures
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Documents\My Music
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\My Documents
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Local Settings
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\AppData\Local\History
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Cookies
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\Application Data
[2011/07/01 21:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Roy\AppData\Local\Application Data
[2011/07/01 21:52:35 | 000,000,000 | -H-D | C] -- C:\Users\Roy\AppData
[2011/07/01 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Temp
[2011/07/01 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\Microsoft
[2011/07/01 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Media Center Programs
[2011/07/01 21:52:16 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/06/30 20:14:53 | 000,000,000 | ---D | C] -- C:\Users\Roy\Documents\docs

========== Files - Modified Within 30 Days ==========

[2011/07/21 16:36:11 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 16:36:11 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 16:19:11 | 122,962,473 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/21 16:11:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 16:10:57 | 797,401,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 19:02:32 | 000,002,953 | ---- | M] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/07/20 19:00:07 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000UA.job
[2011/07/20 04:00:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000Core.job
[2011/07/17 17:56:22 | 000,146,910 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/07/14 22:00:55 | 000,002,389 | ---- | M] () -- C:\Users\Roy\Desktop\Google Chrome.lnk
[2011/07/13 18:06:33 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 17:48:06 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/08 17:34:25 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/07 19:45:09 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/07 19:45:09 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/05 17:05:35 | 000,001,197 | ---- | M] () -- C:\Users\Roy\Desktop\c3 - Shortcut.lnk
[2011/07/02 00:31:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/07/01 23:37:37 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/07/01 23:35:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/01 21:56:06 | 000,001,411 | ---- | M] () -- C:\Users\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2011/07/21 16:19:11 | 122,962,473 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/20 19:02:32 | 000,002,953 | ---- | C] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/07/17 17:56:22 | 000,146,910 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/07/08 17:34:25 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/05 18:40:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/05 17:30:20 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/07/05 17:28:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/05 17:28:06 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/07/05 17:27:52 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/07/05 17:05:35 | 000,001,197 | ---- | C] () -- C:\Users\Roy\Desktop\c3 - Shortcut.lnk
[2011/07/02 03:57:41 | 000,002,389 | ---- | C] () -- C:\Users\Roy\Desktop\Google Chrome.lnk
[2011/07/02 03:55:33 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000UA.job
[2011/07/02 03:55:29 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000Core.job
[2011/07/02 00:31:39 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/07/02 00:31:37 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/07/01 23:37:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/01 23:37:21 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/01 23:35:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/01 23:32:45 | 797,401,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/01 22:15:56 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/01 21:56:06 | 000,001,411 | ---- | C] () -- C:\Users\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/01 21:53:03 | 000,001,417 | ---- | C] () -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/01 21:52:35 | 000,000,290 | ---- | C] () -- C:\Users\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/01 21:52:35 | 000,000,272 | ---- | C] () -- C:\Users\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/01 22:17:28 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\AVG10
[2011/07/20 06:35:08 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\uTorrent
[2011/07/01 22:21:08 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\x3watch
[2009/07/13 23:53:46 | 000,007,096 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
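As an added example (not code from this thread, from OTL, or from its author), here is a small Python triage helper for the OTL layout shown in the report above: it parses the bracketed entry lines, lists everything created or modified within a few minutes of the 7-Zip install the poster describes, and lists loaded executables that OTL printed with an empty company name, the same heuristic behind its "Files Created - No Company Name" section. The sample lines are a constructed excerpt in OTL's format, the 10-minute window and the `\Program Files\7-Zip` anchor are assumptions, and a hit in either list is a candidate for a helper to review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the layout of the OTL report posted above: a handful of its
# lines, not the full log, copied in the shape OTL prints them.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/02/14 08:08:18 | 000,303,104 | ---- | M] (Tiger Green Productions LLC) -- C:\Program Files\X3watch\x3watch.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/07/20 17:51:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 17:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/20 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/20 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/07/14 23:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Optional PRC/MOD/SRV/DRV prefix, the [time | size | attrs | M-or-C] block, optional
# (company), optional [service state], " -- " path, optional trailing " -- (service name)".
LINE_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Za-z]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[[^\]]*\])?"
    r" -- (?P<path>[^\r\n]*?)(?: -- \(.*\))?$"
)
EXECUTABLE_KINDS = {"PRC", "MOD", "SRV", "DRV"}


@dataclass
class Entry:
    section: str
    kind: str                # "PRC", "SRV", ... or "" for plain file/folder lines
    ts: datetime
    size: int
    flag: str                # M = modified time shown, C = created time shown
    company: Optional[str]   # None when OTL printed no parentheses, "" for "()"
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL's bracketed entry lines; O4/IE/FF lines use other layouts and are skipped."""
    entries, section = [], ""
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("kind") or "",
                                 datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                                 int(m.group("size").replace(",", "")), m.group("flag"),
                                 m.group("company"), m.group("path")))
    return entries


def install_time(entries: List[Entry], path_suffix: str) -> Optional[datetime]:
    """Timestamp of the first entry whose path ends with path_suffix (case-insensitive)."""
    return next((e.ts for e in entries if e.path.lower().endswith(path_suffix.lower())), None)


def entries_near(entries: List[Entry], anchor: datetime, window: timedelta) -> List[Entry]:
    """Everything timestamped within +/- window of anchor, oldest first."""
    return sorted((e for e in entries if abs(e.ts - anchor) <= window), key=lambda e: e.ts)


def no_company(entries: List[Entry]) -> List[Entry]:
    """Loaded executables OTL printed with an empty company name, its own '()' marker.
    Only a review heuristic: the AVG component in the sample shows a benign hit."""
    return [e for e in entries if e.kind in EXECUTABLE_KINDS and e.company == ""]


def triage(text: str, anchor_suffix: str, window_minutes: int = 10) -> dict:
    """Group candidates for a helper to look at; none of this is a malware verdict."""
    entries = parse_otl(text)
    anchor = install_time(entries, anchor_suffix)
    near = entries_near(entries, anchor, timedelta(minutes=window_minutes)) if anchor else []
    return {"near_install": [e.path for e in near],
            "no_company": [e.path for e in no_company(entries)]}


if __name__ == "__main__":
    # Assumed anchor: the 7-Zip program folder the poster says they installed.
    for label, paths in triage(SAMPLE_OTL, r"\Program Files\7-Zip").items():
        print(label, *paths, sep="\n  ")
```

Run against a full OTL log, the same two lists give a reviewer a first cut: what landed on disk around the install the user remembers, and which loaded binaries carry no version information.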


#2
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
Hello and :)

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!


I apologize for the delay in responding to your request for assistance.





Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.

    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:/ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"






Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


#3
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • 13 posts
Thank you for your time; here are the reports:

Unhooker Report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
==============================================
>Stealth
==============================================


Malwarebytes Anti-Malware Report:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7225

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/26/2011 10:47:30 PM
mbam-log-2011-07-26 (22-47-30).txt

Scan type: Quick scan
Objects scanned: 149697
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 patndoris (Trusted Helper, Malware Removal, 228 posts)
Can you please tell me if you are experiencing the problem with ads on any site other than Facebook? Also, are you using a router?


This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX controls that allow the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

#5 boomerang531 (Topic Starter, Member, 13 posts)
The ads are on youtube as well.
The scan did not seem to run well. It ran twice and reported no errors, but the logs were not recorded. At the end of both scans all I had in the log.txt was:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

#6 patndoris (Trusted Helper, Malware Removal, 228 posts)
That's fine. That means it didn't find anything. I'm not seeing any evidence of malware on your computer. Let's try a couple of things to see if they help with the problem:

Please change your password for both accounts. It is possible that you are receiving spam as a result of compromised account security.



Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean



Please let me know if there is any improvement. Can you please confirm if you are using a router or not?

#7 boomerang531 (Topic Starter, Member, 13 posts)
Yes, I am using a router.
I used TFC and changed passwords and I still have the problem.
I am attaching a screenshot of the problem. (I know you didn't want logs as attachments, I hope screenshots are ok.) [Attachment: screenshot.jpg]

#8 patndoris (Trusted Helper, Malware Removal, 228 posts)
Have you downloaded anything that supposedly allows you to change the layout of your Facebook (such as the background)? I notice on the left column underneath Friends there appear to be 2 non-standard options about changing your background. You may have installed something that does more than what you anticipated. (Or it's possible it came bundled along with something else you downloaded as you mentioned).

Does this also happen in Internet Explorer and/or Firefox or just in Chrome?

#9 boomerang531 (Topic Starter, Member, 13 posts)
Hi,
I do not recall downloading anything that should change the background. I just checked my facebook in IE and there are no problems there.

#10 patndoris (Trusted Helper, Malware Removal, 228 posts)
If IE is ok, then we are dealing with something specific to Chrome. I don't see any icons for Facebook extensions in your screenshot, so I'm going to assume it's some kind of cookie issue within Chrome. Not all the tools we use address the Chrome directories so let's try using something a little different. (This is a free tool, one I like to run on a monthly basis to keep my system free from un-needed files).

Download and install CCleaner from the following link: CCleaner - Standard

During installation, uncheck the option to install the Yahoo toolbar.

  • Launch CCleaner from the desktop icon if it does not run after installation
  • Make sure the "Cleaner" Icon is selected (it's the very first one on the left hand pane)
  • DO NOT change any of the default settings
  • At the bottom of the screen click on the Analyze button
  • After it has finished analyzing your system, click on Run Cleaner button and allow it to remove all the files it has selected from your system. (You will want to make sure your browsers are closed when you do this or it will not clean them.)


Then go ahead and try your Facebook in Chrome again and let me know how it goes.

#11 boomerang531 (Topic Starter, Member, 13 posts)
I followed the instructions, the problem still persists.

#12 patndoris (Trusted Helper, Malware Removal, 228 posts)
I suspect we have something hiding in a location where normal tools aren't looking. Let's give Combofix a try and see if we are able to locate the problem.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#13 patndoris (Trusted Helper, Malware Removal, 228 posts)
After some additional research, I'd also like to have you try the following as well:

Copy and paste these lines in Notepad.

@Echo on
rem Replace the hosts file with the single default loopback entry
rem (any custom or injected mappings it contained are lost).
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Release and renew the DHCP lease, then clear the DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack (complete after reboot).
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second and delete this batch file.
shutdown -r -t 1
del %0


Save as flush.bat to your desktop. Right-click and choose Run as Administrator on the file.
The computer will reboot itself.



Please post the ComboFix log as well as telling me if the issue persists.

#14 boomerang531 (Topic Starter, Member, 13 posts)
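The flush.bat above overwrites the hosts file without recording what it contained, so a hijacked entry (a site or an AV update server pointed at an attacker-chosen address) is erased along with the evidence. As an added example, not part of this thread or its tools, here is a small Python audit that parses a hosts file and reports every mapping beyond the stock loopback lines; the sample file content and the domains in it are constructed.

```python
import ipaddress
from typing import List, Tuple

# Names the stock Windows hosts file legitimately maps to a loopback address.
DEFAULT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample (hypothetical, not from the thread's logs): a stock
# header followed by the kinds of entries adware or hijackers leave behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net          # blocker-style entry (may be benign)
203.0.113.10    www.example-social.com   # real site sent to an attacker-chosen IP
203.0.113.10    update.example-av.com    # AV update server redirected
"""

Entry = Tuple[str, List[str]]        # (ip, [hostnames])
Finding = Tuple[str, str, str]       # (ip, hostname, reason)


def parse_hosts(text: str) -> List[Entry]:
    """Return (ip, [hostnames]) for each entry line; comments and junk are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field is not an address
        names = [n.lower() for n in fields[1:]]
        if names:
            entries.append((ip, names))
    return entries


def audit_hosts(text: str) -> List[Finding]:
    """Flag every mapping that is not a default name on a loopback address."""
    findings: List[Finding] = []
    for ip, names in parse_hosts(text):
        loopback = ipaddress.ip_address(ip).is_loopback
        for name in names:
            if loopback and name in DEFAULT_LOCAL_NAMES:
                continue                       # stock entry, nothing to report
            if loopback:
                reason = "extra name mapped to loopback (blocking entry)"
            else:
                reason = "name redirected to a non-loopback address (possible hijack)"
            findings.append((ip, name, reason))
    return findings


if __name__ == "__main__":
    # On a real machine, read C:\Windows\System32\drivers\etc\hosts instead.
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<28} {reason}")
```

Loopback entries for extra names are how hosts-based ad blockers work, but malware also uses them to cut off update servers, so both kinds are reported and left for the analyst to judge.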
I have followed both sets of instructions, but the problem still persists. Here is the ComboFix log:

ComboFix 11-08-02.02 - Roy 08/02/2011 11:57:45.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1014.278 [GMT -5:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 17:37 . 2011-08-02 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-02 16:39 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C97F3E8-F312-44B0-8C55-DDC72F84472F}\mpengine.dll
2011-07-31 23:36 . 2011-07-31 23:36 -------- d-----w- c:\program files\CCleaner
2011-07-31 04:20 . 2011-07-31 04:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 04:20 . 2011-07-31 04:20 -------- d-----w- c:\windows\system32\Macromed
2011-07-28 03:47 . 2011-07-28 03:47 -------- d-----w- c:\program files\ESET
2011-07-25 23:35 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-25 03:56 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 03:56 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 03:56 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 03:56 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 03:56 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 03:56 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 03:55 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 03:55 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 03:55 . 2011-07-25 03:55 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 03:55 . 2011-07-25 03:55 -------- d-----w- c:\program files\AVAST Software
2011-07-23 21:08 . 2011-07-23 21:42 -------- d-----w- C:\sh4ldr
2011-07-23 21:08 . 2011-07-23 21:08 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 21:05 . 2011-07-23 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-22 00:03 . 2011-07-22 00:03 -------- d-----w- c:\users\Roy\AppData\Roaming\Malwarebytes
2011-07-22 00:03 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 00:03 . 2011-07-22 00:03 -------- d-----w- c:\programdata\Malwarebytes
2011-07-22 00:03 . 2011-07-22 00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-22 00:03 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 21:18 . 2011-07-21 21:18 -------- d-----w- c:\users\Roy\AppData\Local\Diagnostics
2011-07-21 00:02 . 2011-07-21 00:02 388096 ----a-r- c:\users\Roy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-21 00:02 . 2011-07-21 00:02 -------- d-----w- c:\program files\Trend Micro
2011-07-20 22:51 . 2011-07-20 22:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-07-20 22:49 . 2011-07-20 23:18 -------- d-----w- c:\programdata\Rosetta Stone
2011-07-20 22:49 . 2011-07-20 22:49 -------- d-----w- c:\program files\Rosetta Stone
2011-07-20 22:33 . 2011-07-20 22:33 -------- d-----w- c:\program files\7-Zip
2011-07-20 22:28 . 2011-07-20 22:28 -------- d-----w- c:\program files\Object
2011-07-15 04:15 . 2011-07-20 22:10 -------- d-----w- c:\program files\uTorrent
2011-07-15 04:14 . 2011-07-31 23:39 -------- d-----w- c:\users\Roy\AppData\Roaming\uTorrent
2011-07-15 04:14 . 2011-07-15 04:14 -------- d-----w- c:\users\Roy\AppData\Local\uTorrent
2011-07-13 00:12 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-08 22:35 . 2011-07-31 23:39 -------- d-----w- c:\users\Roy\AppData\Roaming\Skype
2011-07-08 22:34 . 2011-07-08 22:35 -------- d-----r- c:\program files\Skype
2011-07-08 22:34 . 2011-07-08 22:34 -------- d-----w- c:\programdata\Skype
2011-07-05 23:47 . 2011-07-05 23:49 -------- d-----w- c:\users\Roy\AppData\Roaming\Apple Computer
2011-07-05 23:47 . 2011-07-05 23:47 -------- d-----w- c:\users\Roy\AppData\Local\Apple Computer
2011-07-05 23:47 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-05 23:47 . 2011-07-05 23:47 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-05 23:47 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-05 23:45 . 2011-07-05 23:45 -------- d-----w- c:\program files\iPod
2011-07-05 23:45 . 2011-07-05 23:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-05 23:45 . 2011-07-05 23:46 -------- d-----w- c:\program files\iTunes
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-05 23:42 . 2011-07-05 23:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-07-05 23:41 . 2011-07-05 23:42 -------- d-----w- c:\program files\QuickTime
2011-07-05 23:41 . 2011-07-05 23:45 -------- d-----w- c:\programdata\Apple Computer
2011-07-05 23:40 . 2011-07-05 23:40 -------- d-----w- c:\users\Roy\AppData\Local\Apple
2011-07-05 23:40 . 2011-07-05 23:40 -------- d-----w- c:\program files\Apple Software Update
2011-07-05 23:39 . 2011-07-05 23:39 -------- d-----w- c:\program files\Bonjour
2011-07-05 23:39 . 2011-07-05 23:45 -------- d-----w- c:\program files\Common Files\Apple
2011-07-05 23:39 . 2011-07-05 23:39 -------- d-----w- c:\programdata\Apple
2011-07-05 22:53 . 2011-07-05 22:54 -------- d-----w- c:\windows\system32\SPReview
2011-07-05 22:52 . 2011-07-05 22:53 -------- d-----w- c:\windows\system32\EventProviders
2011-07-05 22:31 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-05 22:31 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-07-05 22:31 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-07-05 22:31 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-07-05 22:29 . 2010-11-20 12:21 1010688 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-07-05 22:28 . 2010-11-20 12:19 312832 ----a-w- c:\windows\system32\hgcpl.dll
2011-07-05 22:27 . 2010-11-20 12:20 8192 ----a-w- c:\windows\system32\spwmp.dll
2011-07-05 21:45 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-07-05 21:45 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-07-05 21:45 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-04 16:33 . 2011-07-04 16:33 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 23:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-28 02:53 . 2011-07-02 21:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 10:44 . 2011-07-02 21:32 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2011-02-14 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000Core.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 08:54]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416222357-3293436042-2467257563-1000UA.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 08:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-02 12:44:12
ComboFix-quarantined-files.txt 2011-08-02 17:44
.
Pre-Run: 42,101,374,976 bytes free
Post-Run: 41,883,951,104 bytes free
.
- - End Of File - - 5D423C081FB309D9DDE1BD504F9A82F4

#15
patndoris
    Trusted Helper
  • Malware Removal
  • 228 posts
Can you please go to Control Panel, Programs and Features and see if you have a program called FaceTheme installed? If so, please uninstall it, reboot, and tell me if that takes care of the problem.

FaceTheme only works in Chrome and it is a Facebook background changer (remember those 2 extra "Change Background" options I noted in your screen shot?) and it is apparently known for serving up extra unwanted ads and causing the Chrome browser to behave in unwanted ways.

Let me know if you have this and are able to remove it.
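The check the helper asks for above can be done from a PowerShell prompt as well, and it is worth looking in two places that Programs and Features does not show: Chrome's own extension folders and the registry key that bundled installers use to side-load Chrome extensions. The script below is an added example written for this thread; it is not the helper's code or anything from the forum. The product name "FaceTheme", the Chrome profile path and the registry locations are assumptions, and it is written to run on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example (not from the thread). Look for a suspected adware package,
# FaceTheme by default, in: the Uninstall keys that Programs and Features
# reads, Chrome's per-profile extension folders, and the registry key that
# installers use to side-load Chrome extensions. Name and paths are assumptions.
param(
    [string]$Pattern = 'FaceTheme'   # assumed name, matched case-insensitively as a regex
)

$hits = @()

# 1. Uninstall entries: native, 32-bit-on-64-bit (absent on a 32-bit OS) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        if ($p.DisplayName -and ($p.DisplayName -match $Pattern)) {
            $hits += New-Object PSObject -Property @{
                Where  = 'Uninstall key'
                Name   = $p.DisplayName
                Detail = $p.UninstallString      # the command Programs and Features would run
                Key    = $sub.PSPath
            }
        }
    }
}

# 2. Chrome extension folders: <User Data>\<profile>\Extensions\<id>\<version>\manifest.json
#    The manifest is read with a regex instead of ConvertFrom-Json so it works on PowerShell 2.0.
$chromeRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
if (Test-Path $chromeRoot) {
    foreach ($manifest in Get-ChildItem $chromeRoot -Recurse -Filter manifest.json -ErrorAction SilentlyContinue) {
        if ($manifest.FullName -notmatch '\\Extensions\\') { continue }
        $text = [IO.File]::ReadAllText($manifest.FullName)
        $name = if ($text -match '"name"\s*:\s*"([^"]*)"') { $matches[1] } else { '' }
        $id   = $manifest.Directory.Parent.Name    # version folder -> extension id folder
        if (($name -match $Pattern) -or ($id -match $Pattern)) {
            $hits += New-Object PSObject -Property @{
                Where  = 'Chrome extension'
                Name   = $name
                Detail = $id
                Key    = $manifest.FullName
            }
        }
    }
}

# 3. External-extension registry key. Installers register an extension id here
#    so Chrome pulls it in on next start; uninstalling the program may leave it.
#    Every entry is listed, because a legitimate one is rare on a home machine.
foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        $hits += New-Object PSObject -Property @{
            Where  = 'Chrome side-load key (review all)'
            Name   = $sub.PSChildName
            Detail = "$($p.update_url) $($p.path)"
            Key    = $sub.PSPath
        }
    }
}

if ($hits.Count -eq 0) {
    Write-Host "No entries matching '$Pattern' found."
} else {
    $hits | Format-Table Where, Name, Detail, Key -AutoSize -Wrap
}
```

Run it from a PowerShell prompt as `.\find-adware.ps1` (or with `-Pattern` to look for a different name). Chrome stores localized extension names as `__MSG_something__` in the manifest, which is why the script also matches on the extension id; if the name column shows such a placeholder, the real name is in the extension's `_locales` folder. If an entry turns up under the side-load key after the program has been uninstalled, the Chrome extension will come back until that key is removed too.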