
Thread: I seem to have run into some kind of exploit or virus

  1. #1

    I seem to have run into some kind of exploit or virus

    Any help that could be offered on a problem I have run into would be much appreciated.

    I have run into something odd and impossible to get rid of. I had heard of a java exploit that sounded similar to what I am experiencing and can't seem to get rid of it. I can, however, work around it.

    Here is a description of what occurred. I received a redirect from a shoe manufacturer's page yesterday. Afterwards my screen went blank for a moment then returned to a blank IE screen set in full screen mode. Near the top of the screen IE states that it stopped me from going to this site because it may be "malicious." However, I cannot tab out of this screen or close it. The only thing I can do is hit ctrl+alt+del and either log off or shut down. It is also preventing me from using the task manager and booting into safe mode.

    My workaround is such: If I log into my windows user I immediately hit ctrl+alt+del to bring up the user control menu. There, I wait about ten seconds until all my start up programs are finished loading up. Then I hit "cancel" and my computer operates as normal.

    I have done a DDS scan and can post the results here for you if needed.

    Once again, any help with this problem would be much appreciated.

    Attach1.txt DDS2.txt

  2. #2
    Ah, I attached my logs and I am now reading that I shouldn't. Sorry guys

  3. #3
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/9/2012 7:54:22 AM
    System Uptime: 9/18/2012 12:43:37 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0GDG8Y
    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 874.372 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 8/29/2012 2:09:13 PM - Scheduled Checkpoint
    RP66: 8/30/2012 9:57:37 AM - Configured RICS Enterprise POS
    RP67: 9/6/2012 3:23:56 PM - Scheduled Checkpoint
    RP68: 9/12/2012 10:15:36 AM - Configured RICS Enterprise POS
    RP69: 9/12/2012 7:11:11 PM - Windows Update
    RP70: 9/18/2012 9:51:12 AM - Removed Java(TM) 7 Update 1
    RP71: 9/18/2012 9:51:55 AM - Removed Java(TM) 7 Update 1 (64-bit)
    RP72: 9/18/2012 10:46:05 AM - Installed AVG 2013
    RP73: 9/18/2012 10:46:30 AM - Installed AVG 2013
    RP74: 9/18/2012 11:32:49 AM - Windows Modules Installer
    RP75: 9/18/2012 11:35:45 AM - Windows Modules Installer
    RP76: 9/18/2012 11:58:54 AM - Installed Java 7 Update 7
    RP77: 9/18/2012 12:48:16 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4) MUI
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell VideoStage
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    Google Chrome
    High-Definition Video Playback
    Intel(R) Processor Graphics
    Java 7 Update 7
    Java Auto Updater
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Luxor
    McAfee SecurityCenter
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Silverlight
    Microsoft SQL Server Browser
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    RICS Client Configuration Setup
    RICS Enterprise POS
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samantha Swift
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.5
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    SyncUP
    TrustedID
    TrustedID IDMonitor Identity Protection
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Web Launcher
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/18/2012 12:46:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/18/2012 12:46:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    9/18/2012 12:46:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    9/18/2012 12:45:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
    9/18/2012 12:45:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:52 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/18/2012 12:44:01 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    9/18/2012 12:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/18/2012 12:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/18/2012 12:41:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/18/2012 12:41:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/18/2012 12:41:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    9/18/2012 12:41:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 Avgmfx64 discache spldr Wanarpv6
    9/18/2012 12:41:22 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    9/18/2012 12:41:22 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    9/18/2012 12:41:22 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2012 12:40:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    9/18/2012 11:18:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 6:57:04 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    9/17/2012 6:30:43 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
    .
    ==== End Of File ===========================

  4. #4
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-3-27 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-3-27 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 MSSQL$RICSLOCAL;SQL Server (RICSLOCAL);C:\Program Files\Microsoft SQL Server\MSSQL10_50.RICSLOCAL\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-18 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [2010-7-8 815704]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-27 1691848]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-25 250568]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-3-27 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$RICSLOCAL;SQL Server Agent (RICSLOCAL);C:\Program Files\Microsoft SQL Server\MSSQL10_50.RICSLOCAL\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-18 16:43:14 -------- d-sh--w- C:\Users\NPPOS\%APPDATA%
    2012-09-18 15:59:36 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-18 15:59:24 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-18 15:19:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-09-18 15:17:12 -------- d-----w- C:\Windows\pss
    2012-09-18 14:55:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-09-18 14:55:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-09-18 14:48:03 -------- d-----w- C:\Users\NPPOS\AppData\Roaming\AVG2013
    2012-09-18 14:47:21 -------- d-----w- C:\Users\NPPOS\AppData\Roaming\TuneUp Software
    2012-09-18 14:46:52 -------- d--h--w- C:\$AVG
    2012-09-18 14:46:51 -------- d-----w- C:\ProgramData\AVG2013
    2012-09-18 14:46:22 -------- d-----w- C:\Program Files (x86)\AVG
    2012-09-18 14:44:06 -------- d--h--w- C:\ProgramData\Common Files
    2012-09-18 14:44:06 -------- d-----w- C:\Users\NPPOS\AppData\Local\MFAData
    2012-09-18 14:44:06 -------- d-----w- C:\Users\NPPOS\AppData\Local\Avg2013
    2012-09-18 14:44:06 -------- d-----w- C:\ProgramData\MFAData
    2012-09-17 22:23:36 -------- d-----w- C:\Users\NPPOS\AppData\Roaming\Task Scheduler
    2012-09-12 14:11:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 14:11:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 14:11:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 14:11:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 14:11:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 14:11:54 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 14:11:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-23 20:03:47 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    .
    ==================== Find3M ====================
    .
    2012-09-18 15:59:13 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-27 13:46:23 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-27 13:46:23 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-08-10 08:52:38 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-08-10 08:52:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-08-09 17:56:34 60768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-08-09 17:56:20 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    .
    ============= FINISH: 13:00:26.92 ===============

  5. #5
    Hi Liam,
    The first BIG problem I see is you have TWO anti-virus programs running and that is an absolute No-No. It will definitely not improve your protection but lessen it because they fight each other and allow infections to enter the computer. The one you installed yesterday, AVG 2013 is just a lousy security program also.
    You need to uninstall ALL of that program immediately. First of all go to Control Panel, Programs, Uninstall a Program and Uninstall AVG. Reboot the computer.
    Then download the AVG Removal Tool from this link and run it to be absolutely certain that it truly is completely removed from your system.

    http://www.avg.com/us-en/utilities

    Next please do the following:

    Please Download and Install CCleaner (Windows XP, 2K, 2003, 7 & Vista ONLY)

    http://www.piriform.com/ccleaner

    RUN CCleaner.
    Click on CCleaner to run it
    Where it says Select Files To Delete, Check the Select All Option, including your Recycle Bin.
    Click Empty Selected > OK
    If you use Firefox browser, do this also:
    Click Firefox at the top and choose Select All from the list.
    Click the Empty Selected button.
    NOTE : If you would like to keep your saved passwords, click No at the prompt.
    If you use Opera browser, do this also:
    Click Opera at the top and choose Select All from the list.
    Click the Empty Selected button.
    NOTE : If you would like to keep your saved passwords, click No at the prompt.
    Click Exit on the Main menu to close the program.

    Cleaning all temp files from the computer helps the scanners by eliminating the necessity of scanning temp files. Temp files are just that, temporary files, not needed and should be removed before the cleaning process begins.

    Next do the following:

    Please download Malwarebytes-Antimalware to your Desktop.


    http://majorgeeks.com/download.php?det=5756

    Double-click mbam-setup.exe and follow the prompts to install MBA-M.
    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When MBA-M finishes, Notepad will open with the log. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
    REBOOT after running MBA-M!
    After the initial cleaning has been completed then come back here and post the MBA-M log in full.
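
As an added illustration of the two-antivirus observation in post #5 (not part of the thread and not a DDS or vendor tool), this Python sketch reads DDS service/driver lines together with the Service Control Manager 7026 event and reports which antivirus vendors have resident components and which of their drivers failed to load at boot. The vendor marker table and the reading of `R`/`S` as running/stopped are assumptions of the example; the sample lines are excerpted from the log above with the forum's wrap spaces removed.

```python
import re
from collections import defaultdict

# Assumption of this example: substrings that identify an AV vendor in a
# service name, display name or image path. Not a complete list.
AV_MARKERS = {"AVG": ("avg",), "McAfee": ("mcafee", "mfe")}

# DDS service line: <state><start type> <name>;<display name>;<path> [...]
# Assumed here: R = running, S = stopped; the digit is the start type.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
# Event 7026 lists boot-start/system-start drivers that failed to load.
FAILED_RE = re.compile(r"\[7026\].*failed to load:\s*(.+)$")

# Excerpt of the log posted in this thread (wrap spaces removed).
SAMPLE_LOG = r"""
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-3-27 199272]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [2010-7-8 815704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
9/18/2012 12:41:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 Avgmfx64 discache spldr Wanarpv6
"""


def parse_services(lines):
    """Return one dict per DDS service/driver line; other lines are skipped."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path = m.groups()
            services.append({"running": state == "R", "start": int(start),
                             "name": name, "display": display, "path": path})
    return services


def vendor_of(svc):
    """Map a service to an AV vendor using AV_MARKERS, or None."""
    hay = " ".join((svc["name"], svc["display"], svc["path"])).lower()
    for vendor, markers in AV_MARKERS.items():
        if any(marker in hay for marker in markers):
            return vendor
    return None


def failed_drivers(lines):
    """Collect lower-cased driver names reported by event 7026."""
    names = set()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            names.update(n.lower() for n in m.group(1).split())
    return names


def triage(text):
    """Summarise resident AV vendors and their boot-time driver failures."""
    lines = text.strip().splitlines()
    failed = failed_drivers(lines)
    running, broken = defaultdict(list), defaultdict(list)
    for svc in parse_services(lines):
        vendor = vendor_of(svc)
        if vendor is None:
            continue
        if svc["name"].lower() in failed:
            # A 7026 entry wins even if DDS later shows the driver as R.
            broken[vendor].append(svc["name"])
        elif svc["running"]:
            running[vendor].append(svc["name"])
    vendors = sorted(set(running) | set(broken))
    return {"resident_vendors": vendors, "running": dict(running),
            "failed_to_load": dict(broken), "conflict": len(vendors) > 1}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
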
