Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win-32-downloader-plx [Solved]

Started by chelsearick64 , Jul 22 2012 07:00 PM

  • This topic is locked This topic is locked

#16
chelsearick64
Posted 26 July 2012 - 06:05 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for sticking with me. No change after restarting.



Combofix log:

ComboFix 12-07-27.02 - Rick 07/26/2012 19:25:15.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3893.2301 [GMT -4:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
Command switches used :: c:\users\Rick\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --> c:\windows\System32\drivers\afd.sys
c:\windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll --> c:\windows\System32\mpssvc.dll
c:\windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll --> c:\windows\System32\SDRSVC.dll
c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys --> c:\windows\System32\Drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-25 22:34 . 2012-07-25 22:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F419C0D6-A6DA-4DD4-967B-797E38455D25}\offreg.dll
2012-07-24 23:20 . 2012-07-24 23:21 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-07-24 23:19 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-07-24 22:57 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-24 22:56 . 2012-07-24 22:56 -------- d-----w- C:\Reg_Backup
2012-07-24 22:20 . 2012-07-24 23:32 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-24 22:19 . 2012-07-24 23:26 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-24 22:19 . 2012-07-24 22:19 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-07-23 09:36 . 2012-07-23 09:36 -------- d-----w- C:\_OTL
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\users\Gabby\AppData\Local\Google
2012-07-20 07:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F419C0D6-A6DA-4DD4-967B-797E38455D25}\mpengine.dll
2012-07-16 22:47 . 2012-07-16 22:47 -------- d-----w- c:\windows\system32\appmgmt
2012-07-13 23:11 . 2012-07-13 23:11 -------- d-----w- C:\_OTM
2012-07-12 17:07 . 2012-07-12 17:07 -------- d-----w- c:\users\Misty\AppData\Local\Google
2012-07-11 18:36 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 13:48 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 13:48 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 13:47 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 13:41 . 2012-07-09 13:41 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2012-07-09 13:41 . 2012-07-09 13:41 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 13:41 . 2012-07-12 15:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 13:41 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:35 . 2012-04-04 00:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:35 . 2011-05-14 19:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:43 . 2010-12-13 02:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-03-25 20:46 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-07-27 23:08 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-07-27 23:08 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-07-27 23:08 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-27 23:08 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-07-27 23:08 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-07-27 23:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-07-27 23:08 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-07-27 23:08 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-22 09:13 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 09:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 09:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 09:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 09:13 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 09:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 09:13 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 09:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 09:13 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-12-16 02:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:56 . 2012-06-14 17:34 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-14 17:33 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-14 17:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-05 14:28 . 2012-05-05 14:29 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 14:28 . 2010-12-01 10:28 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 10:52 . 2012-06-14 17:35 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-14 17:35 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-14 17:35 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-14 17:35 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-14 17:22 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_10.23.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-23 10:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-23 10:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 10:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 10:50 . 2012-07-26 23:14 71944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-26 23:14 34892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-10 00:08 . 2012-07-22 21:13 14364 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968150890-658833355-413344200-1003_UserData.bin
+ 2010-12-10 00:08 . 2012-07-24 01:31 14364 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968150890-658833355-413344200-1003_UserData.bin
+ 2010-12-13 17:03 . 2012-07-25 14:25 14340 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968150890-658833355-413344200-1001_UserData.bin
+ 2010-12-08 09:14 . 2012-07-26 23:14 18878 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968150890-658833355-413344200-1000_UserData.bin
+ 2010-12-01 10:31 . 2012-07-26 23:13 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 10:31 . 2012-07-23 10:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-01 10:31 . 2012-07-26 23:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-01 10:31 . 2012-07-23 10:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 10:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 02:02 . 2012-07-23 09:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 02:02 . 2012-07-24 22:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 02:02 . 2012-07-24 22:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-10 02:02 . 2012-07-23 09:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 02:02 . 2012-07-24 22:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 02:02 . 2012-07-23 09:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 02:02 . 2012-07-26 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 02:02 . 2012-07-23 10:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 02:02 . 2012-07-23 10:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 02:02 . 2012-07-26 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-23 09:40 . 2012-07-23 09:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 23:11 . 2012-07-26 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 23:11 . 2012-07-26 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 09:40 . 2012-07-23 09:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-08 09:40 . 2012-07-25 22:34 271676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-26 23:24 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 22:56 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 22:56 106756 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-26 23:24 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-07-12 14:57 456448 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-07-24 23:34 456448 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:12 . 2012-07-24 23:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-07-23 10:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-23 09:39 417400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-26 09:46 417400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-09 20:53 . 2012-07-26 09:46 1673112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-11 15:44 . 2012-07-25 23:20 1832408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968150890-658833355-413344200-1000-8192.dat
- 2009-07-14 02:34 . 2012-07-23 09:18 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-07-24 23:30 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple"="c:\users\Rick\AppData\Local\Apple\evyqvjrt.dll" [2012-03-18 300544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [BU]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Misty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-21 35104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:35]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 21:18]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 21:18]
.
2012-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://usabhembma08.mail.gm.com/dwa85W.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\q83wwkc3.default-1342575141745\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-07-26 19:48:37
ComboFix-quarantined-files.txt 2012-07-26 23:48
ComboFix2.txt 2012-07-23 10:39
ComboFix3.txt 2012-07-14 01:28
.
Pre-Run: 344,618,188,800 bytes free
Post-Run: 344,786,604,032 bytes free
.
- - End Of File - - E9A5B8B8A9C109EA7B368B5830DD6A3C
  • 0

Advertisements

#17
maliprog
Posted 26 July 2012 - 11:58 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    netsh winsock reset /c
    netsh winsock reset catalog /c
    netsh int ip reset reset.log /c
    sc query afd /c
    sc query netbt /c
    sc query tcpip /c
    sc query IPSEC /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#18
chelsearick64
Posted 28 July 2012 - 02:55 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks again - here's the OTL log:

========== OTL ==========
========== FILES ==========
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< sc query afd /c >
SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< sc query netbt /c >
SERVICE_NAME: netbt
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< sc query tcpip /c >
SERVICE_NAME: tcpip
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
< sc query IPSEC /c >
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07282012_163628
  • 0

#19
maliprog
Posted 29 July 2012 - 11:07 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart your system after this step and tell me do you have your connection now?
  • 0

#20
chelsearick64
Posted 30 July 2012 - 07:46 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry I didn't include that.

No change after reboot, no wired connection, no wireless connection.
  • 0

#21
maliprog
Posted 30 July 2012 - 11:14 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this...

Download Complete Internet Repair
Unzip it to your desktop and run CIntRep.exe by double click.
Select all options and press GO! button
Restart your system and tell me is your internet connection back.
  • 0

#22
chelsearick64
Posted 31 July 2012 - 06:27 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ran complete internet repair, restarted. No change, still no internet connection.
  • 0

#23
maliprog
Posted 01 August 2012 - 02:36 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We need to reinstall all your network adapters.

  • Click Start and typing Device manager in the search bar
  • Click on Device manager to start program
  • In the Device Manager program, double-click the "Network adapters" option to see the Network drivers installed.
  • Write down names of all Network adapters in case something goes wrong
  • Right click on each sun-entry under Network Adapters and Uninstall
  • Confirm that you want to remove it
  • After you uninstall all Network adapters restart your system.

After restart your system will automatically find and install your network adapters. Test your connections after this step and let me know results.
  • 0

#24
chelsearick64
Posted 01 August 2012 - 08:37 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I uninstalled all the network adapters. After restart, non were reinstalled automatically. I found the drivers online and reinstalled. I have both wired and wireless internet access now. :thumbsup:

I'll let you know if any of the original symptoms show up again.
  • 0

#25
maliprog
Posted 01 August 2012 - 10:57 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That is really good news! Test your system for one day. I'll prepare some cleanup for your system and remove my tools.
  • 0

Advertisements

#26
chelsearick64
Posted 02 August 2012 - 05:09 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Got an avast alert that it blocked "win32-downloader-pvu", then advised me to run a boot time scan to complete the cleaning. Should I do this?
  • 0

#27
maliprog
Posted 03 August 2012 - 01:37 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes. Do Avast boot scan and after the scan post log here for me so I can see results.
  • 0

#28
chelsearick64
Posted 03 August 2012 - 03:11 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Avast boot time log:

08/03/2012 05:13
Scan of all local drives

File C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Apps\Adobe\tvzjqlnhf.dll.vir is infected by Win32:Malware-gen, Deleted
File C:\Toshiba Documents and Settings.7z|>Toshiba Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-3406721c|>bpac\a$1.class is infected by Java:Agent-BJ [Expl], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Toshiba Documents and Settings.7z|>Toshiba Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-3406721c|>bpac\a.class is infected by Java:Agent-BW [Trj], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Toshiba Documents and Settings.7z|>Toshiba Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-3406721c|>bpac\b.class is infected by Java:Malware-gen [Trj], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Toshiba Documents and Settings.7z|>Toshiba Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-3406721c|>bpac\KAVS.class is infected by Java:Agent-BM [Expl], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Toshiba Documents and Settings.7z|>Toshiba Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\1CAN7PXL\jugqezirytjpkqf[1].asx is infected by HTML:CVE-2010-1885-G [Expl], Delete: Error 42111 {The operation is not supported for this type of archive.}
Number of searched folders: 58561
Number of tested files: 1221715
Number of infected files: 6
  • 0

#29
maliprog
Posted 05 August 2012 - 04:36 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Avast found some infections inside 7z archives and infome us about it. Files inside this archives should be removed manually. Beside this do you have any problems now after this scans.
  • 0

#30
chelsearick64
Posted 05 August 2012 - 05:25 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Things seem pretty good. I haven't seen any other problems.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP