  1. #1
    Member
    Join Date
    Feb 2012
    Posts
    3
    Points
    0

    Unable to delete a bad toolbar

    I tried about everything I know to try to remove a toolbar named "fizz" toolbar, which I learned is bad malware, a hijacker, and more; still no result, so now I'm asking help to try to resolve this headache, and I include my HijackThis log because I don't know anything about those analysis results.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:32:42 AM, on 15/02/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\setter.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\Alain\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
    R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Setter] C:\Windows\System32\setter.exe
    O4 - HKCU\..\Run: [Helper] C:\Users\Alain\AppData\Roaming\VideoLAN\installconfirm.exe
    O4 - HKCU\..\Run: [Animated Wallpaper] C:\Program Files\DesktopAnimated\Beautiful Fishing Lake Animated Wallpaper\Beautiful Fishing Lake.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2201BEF5-27A1-4D53-BBC4-C5CCDD7DC50E}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2201BEF5-27A1-4D53-BBC4-C5CCDD7DC50E}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2201BEF5-27A1-4D53-BBC4-C5CCDD7DC50E}: NameServer = 8.8.8.8,8.8.4.4
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: SrvAd - Unknown owner - C:\Users\Alain\AppData\Roaming\Microsoft\Windows\AdvService.exe

    --
    End of file - 4955 bytes

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Feb 2012
    Posts
    3
    Points
    0


    Sorry, I'm just trying to zip this thing, the DDS... and I will try again to reply. Sorry, I'm not too good with computers.

  4. #4
    Member
    Join Date
    Feb 2012
    Posts
    3
    Points
    0

    My result of trying to reply with is the best I can do, I don't know much about compute

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Alain at 11:50:36 on 2012-02-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.894.370 [GMT -8:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Users\Alain\AppData\Roaming\Microsoft\Windows\AdvService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uWindow Title = >>> 'Full Speed' Enabled <<<
    uSearch Bar = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
    TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Animated Wallpaper] c:\program files\desktopanimated\beautiful fishing lake animated wallpaper\Beautiful Fishing Lake.exe
    mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    TCP: Interfaces\{2201BEF5-27A1-4D53-BBC4-C5CCDD7DC50E} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{2201BEF5-27A1-4D53-BBC4-C5CCDD7DC50E} : DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-14 652360]
    R2 SrvAd;SrvAd;c:\users\alain\appdata\roaming\microsoft\windows\AdvService.exe [2012-2-2 421888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-14 20464]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-31 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family;c:\windows\system32\drivers\cben5.sys [2002-2-26 50498]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-31 136176]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-27 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-27 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-26 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-02-15 16:36:30 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-15 12:41:40 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-15 12:41:32 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 12:41:23 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 12:41:20 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 05:45:43 -------- d-----w- c:\users\alain\appdata\local\ElevatedDiagnostics
    2012-02-15 03:48:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-15 03:48:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-14 15:42:19 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{30bab0aa-1f7e-44da-ac1f-79758a5416b8}\mpengine.dll
    2012-02-08 01:49:34 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2012-02-08 01:49:34 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2012-02-08 01:49:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2012-02-08 01:49:34 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2012-02-08 01:49:34 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2012-02-08 01:49:34 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2012-02-08 01:49:33 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2012-02-08 01:49:32 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2012-02-08 01:00:54 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2012-02-08 01:00:52 -------- d-----w- c:\program files\FoxTabPDFConverter
    2012-02-07 01:54:52 -------- d-----w- c:\users\alain\appdata\local\SoundSpectrum
    2012-02-07 01:21:53 -------- d-----w- c:\windows\system32\appmgmt
    2012-02-06 22:53:05 -------- d-----w- c:\program files\VideoLAN
    2012-02-06 22:52:25 184320 ----a-w- c:\windows\system32\setter.exe
    2012-02-06 22:52:19 856064 ----a-w- c:\windows\system32\078.dll
    2012-02-06 22:51:57 -------- d-----w- c:\users\alain\appdata\roaming\VideoLAN
    2012-02-06 22:29:50 -------- d-----w- c:\users\alain\Incomplete
    2012-02-06 22:29:27 -------- d-----w- c:\users\alain\appdata\roaming\BitTorrent MP3
    2012-02-06 22:26:32 -------- d-----w- c:\program files\BitTorrent MP3
    2012-02-06 22:20:17 -------- d-----w- c:\users\alain\appdata\local\Babylon
    2012-02-06 22:20:15 -------- d-----w- c:\users\alain\appdata\roaming\Babylon
    2012-02-06 22:20:15 -------- d-----w- c:\programdata\Babylon
    2012-02-06 22:20:14 -------- d-----w- c:\program files\FoxTabMusicConverter
    2012-02-06 22:16:32 -------- d-----w- c:\users\alain\Shared
    2012-02-06 22:16:32 -------- d-----w- c:\users\alain\appdata\roaming\LimeWire Music
    2012-02-06 22:16:32 -------- d-----w- c:\programdata\LimeWire Music
    2012-02-06 22:16:30 -------- d-----w- c:\program files\LimeWire Music
    2012-02-06 22:09:15 -------- d-----w- c:\users\alain\appdata\local\Lime PRO
    2012-02-06 21:47:03 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2012-02-06 20:00:48 -------- d-----w- c:\users\alain\appdata\roaming\Video Wallpaper
    2012-02-04 08:39:12 -------- d-----w- c:\program files\CCleaner
    2012-02-04 07:52:52 -------- d-----w- c:\users\alain\appdata\local\DFX
    2012-02-04 07:46:59 -------- d-----w- c:\programdata\DFX
    2012-02-04 07:46:54 -------- d-----w- c:\program files\common files\DFX
    2012-02-03 20:33:23 -------- d-----w- c:\program files\Xircom
    2012-02-03 19:43:24 -------- d-----w- C:\Xircom
    2012-02-03 19:29:30 -------- d-----w- c:\programdata\PC Drivers HeadQuarters Inc
    2012-02-03 19:26:29 -------- d-----w- c:\users\alain\appdata\roaming\GetRightToGo
    2012-02-03 18:50:05 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
    2012-02-03 18:50:04 -------- d-----w- c:\program files\'Full Speed' Internet Booster + Performance Tests
    2012-02-02 19:07:30 421888 ----a-w- c:\users\alain\appdata\roaming\microsoft\windows\AdvService.exe
    2012-02-02 07:57:55 -------- d-----w- c:\windows\rescache
    2012-02-01 22:13:42 -------- d-----w- c:\users\alain\appdata\roaming\Malwarebytes
    2012-02-01 22:13:31 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-01 07:15:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-01-31 22:04:13 805376 ----a-w- c:\windows\system32\FntCache.dll
    2012-01-31 22:04:13 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-01-31 22:04:13 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2012-01-31 18:19:16 -------- d-----w- c:\programdata\iolo
    2012-01-31 16:07:56 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2012-01-31 16:07:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2012-01-31 16:05:06 -------- d-----w- c:\program files\common files\PX Storage Engine
    2012-01-31 15:34:18 6600192 ----a-w- c:\windows\system32\LicProtector310.exe
    2012-01-31 15:33:56 -------- d-----w- c:\users\alain\appdata\local\PackageAware
    2012-01-31 14:48:47 -------- d-----w- c:\users\alain\appdata\local\Adobe
    2012-01-31 12:29:56 -------- d-----w- c:\users\alain\appdata\local\Google
    2012-01-31 10:29:19 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-31 10:29:19 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-31 10:29:19 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-31 10:29:19 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-31 10:29:19 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-31 10:29:19 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-31 10:29:19 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-31 10:29:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-31 10:29:19 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-31 10:29:19 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-30 04:07:30 2314332 ----a-w- c:\windows\system32\LIBMMD.DLL
    2012-01-30 04:07:29 647872 ----a-w- c:\windows\system32\mscomct2.ocx
    2012-01-30 04:07:29 120320 ----a-w- c:\windows\system32\comdlg32.ocx
    2012-01-30 04:07:29 115920 ----a-w- c:\windows\system32\msinet.ocx
    2012-01-30 03:33:14 -------- d-----w- c:\program files\Conduit
    2012-01-30 03:33:07 -------- d-----w- c:\users\alain\appdata\local\Conduit
    2012-01-30 03:26:03 -------- d-----w- c:\program files\NCH Software
    2012-01-29 11:32:05 -------- d-----w- c:\windows\system32\SPReview
    2012-01-29 11:30:35 -------- d-----w- c:\windows\system32\EventProviders
    2012-01-28 21:13:05 -------- d-----w- c:\program files\common files\Logitech
    2012-01-28 21:13:03 306688 ----a-w- c:\windows\IsUninst.exe
    2012-01-28 21:12:46 -------- d-----w- c:\program files\Windows Media Components
    2012-01-28 20:57:40 221184 ------w- c:\program files\common files\installshield\iscript\iscript.dll
    2012-01-28 20:57:39 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
    2012-01-28 20:57:39 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2012-01-28 20:57:39 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
    2012-01-28 20:57:38 217088 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2012-01-28 20:57:36 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
    2012-01-27 23:03:45 -------- d-----w- c:\windows\SpeedItup Free
    2012-01-27 23:03:45 -------- d-----w- c:\program files\SpeedItup Free
    2012-01-27 15:48:22 -------- d-----w- C:\a80eda7581cc2580e9
    2012-01-27 13:29:28 -------- d-----w- c:\users\alain\appdata\local\Diagnostics
    2012-01-27 13:09:59 74240 ----a-w- c:\windows\system32\fsutil.exe
    2012-01-27 13:09:59 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2012-01-27 13:01:59 456192 ----a-w- c:\windows\system32\spinstall.exe
    2012-01-27 13:00:59 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2012-01-27 12:59:59 82432 ----a-w- c:\windows\system32\dot3cfg.dll
    2012-01-27 12:58:59 9728 ----a-w- c:\windows\system32\sscore.dll
    2012-01-27 12:57:21 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2012-01-27 12:57:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-01-27 12:57:21 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
    2012-01-27 12:56:50 189952 ----a-w- c:\windows\system32\sqmapi.dll
    2012-01-27 11:05:22 -------- d-----w- C:\33cb7059ec0091c341d6191f
    2012-01-27 10:13:37 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2012-01-27 07:15:14 -------- d-sh--w- c:\windows\Installer
    2012-01-26 18:17:00 -------- d-----w- c:\windows\system32\Wat
    2012-01-26 17:22:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-26 15:57:59 0 ----a-w- c:\windows\ativpsrm.bin
    2012-01-26 14:46:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-26 14:46:35 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2012-01-26 14:46:18 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2012-01-26 14:46:18 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-01-26 14:46:18 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-01-26 14:46:18 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2012-01-26 14:46:18 204288 ----a-w- c:\windows\system32\MSNP.ax
    2012-01-26 14:46:05 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2012-01-26 14:46:05 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-01-26 14:46:05 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2012-01-26 14:46:02 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-01-26 14:44:50 850944 ----a-w- c:\windows\system32\sbe.dll
    2012-01-26 14:43:55 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-01-26 14:43:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-01-26 14:43:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-01-26 14:43:44 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-01-26 14:43:39 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2012-01-26 14:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2012-01-26 14:43:35 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-01-26 14:38:12 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-26 14:26:49 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-01-26 14:26:49 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2012-01-26 14:26:49 107520 ----a-w- c:\windows\system32\cdd.dll
    2012-01-26 13:51:26 -------- d-----w- c:\windows\system32\wbem\Performance
    2012-01-26 13:47:55 -------- d-sh--w- C:\Recovery
    2012-01-26 13:32:46 -------- d-----w- c:\windows\Panther
    2012-01-26 13:32:28 -------- d-sh--w- C:\Boot
    .
    ==================== Find3M ====================
    .
    2012-01-29 11:44:56 152576 ----a-w- c:\windows\system32\msclmd.dll
    2012-01-28 21:14:41 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2012-01-28 21:14:41 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2012-01-28 21:14:24 24064 ----a-w- c:\windows\system32\prefscpl.cpl
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-06 20:31:08 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2011-12-06 20:31:08 1998168 ----a-w- c:\windows\system32\d3dx9_43.dll
    2011-11-19 14:01:00 67072 ----a-w- c:\windows\system32\packager.dll
    .
    ============= FINISH: 11:52:15.41 ===============

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,


    Did you run GMER? Did you run aswMBR? If you can't zip a file, just copy and paste it in your reply. If you have to use multiple posts to post it all, that is OK also.

    The things I need to see are:
    Gmer log
    AswMBR log
    Attach.txt




  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello.

    There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it