
Hi,

I recently purchased a new laptop (OS - Windows 7), on which my first action was to install Google Chrome. After which Internet Explorer has been opening by itself, straight to sites which my Norton Internet Security has been detecting as "malicious," and all adverts. Although this is not the end of the world, it is an inconvenience and seriously frustrating. My first thought was to run a security check through Norton; all risks detected were cookies, and after deleting them, the problem persisted.
I am almost computer illiterate, and the only possible cause I could think of was malware; however, I thought this would be detected by my Norton Antivirus? I have searched my computer for well-known programs linked with malware and nothing has come up.
Please help?!
I would appreciate simple English; as I said, I am not the most computer-savvy person in the world.

Many thanks.

Hi, is this what you mean:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Alex at 17:30:34.45 on 06/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1009 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Alex\AppData\Local\Temp\Iwk.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Temp\Iwq.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Downloads\dds.scr
C:\Windows\system32\conhost.exe

Thanks.

Yes, but that is only a partial DDS log; the log is much longer than that. We also especially need the Malwarebytes' full scan log.
Please read and follow all of the instructions exactly as given on the Read Me sticky.
That is set up that way for a very good reason, so we can get as much information as possible. Partial logs or just one of the requested logs really give us nothing.

Edited by jholland1964: n/a

Oh okay, I didn't realise, apologies.

I hope this is what you need? :


============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [HPAdvisorDock] c:\program files (x86)\hewlett-packard\hp advisor\dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSN Toolbar] "c:\program files (x86)\msn toolbar\platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Easybits Recovery] c:\program files (x86)\easybits for kids\ezRecover.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\syswow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] c:\program files (x86)\realtek\audio\osd\RtVOsd64.exe
mRun-x64: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun-x64: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-9-4 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-9-4 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-10 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-9-4 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100903.003\IDSviA64.sys [2010-9-4 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-9-4 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-9-4 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2010-6-24 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-29 202752]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezsharedsvchost.exe --> c:\windows\system32\ezSharedSvcHost.exe [?]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-1-18 20480]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-9-4 126392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-29 6405632]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-29 188928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-6-24 295424]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-6-24 38456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-3 61288]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-6-10 620544]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-4 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-09-05 18:03:11 0 d-----w- c:\users\alex\appdata\roaming\FrostWire
2010-09-05 18:02:49 0 d-----w- c:\program files (x86)\FrostWire
2010-09-04 22:46:39 0 d-----w- c:\program files (x86)\uTorrent
2010-09-04 22:43:51 0 d-----w- c:\users\alex\appdata\roaming\uTorrent
2010-09-04 17:43:22 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-09-04 17:30:07 0 d-----w- c:\windows\syswow64\Wat
2010-09-04 17:30:06 0 d-----w- c:\windows\system32\Wat
2010-09-04 17:22:25 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-04 17:22:25 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-04 17:22:25 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-04 17:22:25 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-04 17:22:25 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-04 17:22:25 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-04 17:22:25 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-04 17:22:25 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-04 17:22:25 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-04 17:22:25 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-04 17:22:13 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-04 10:03:00 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-09-04 10:03:00 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-09-04 10:01:58 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-09-04 10:01:58 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-09-04 10:01:58 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-09-04 10:01:58 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-04 10:01:57 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-09-04 10:01:57 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-09-04 10:01:56 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-04 10:01:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-03 15:19:55 0 d-----w- c:\users\alex\Tracing
2010-09-03 15:13:46 61288 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-03 15:13:45 0 d-----w- c:\program files\Windows Live
2010-09-03 14:14:53 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-03 14:14:53 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-09-03 14:14:53 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-09-03 14:14:21 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-03 14:14:21 0 d-----w- c:\program files\iTunes
2010-09-03 14:14:21 0 d-----w- c:\program files\iPod
2010-09-03 14:14:21 0 d-----w- c:\program files (x86)\iTunes
2010-09-03 14:13:14 0 d-----w- c:\programdata\Apple Computer
2010-09-03 14:12:45 0 d-----w- c:\program files\common files\Apple
2010-09-03 14:12:32 0 d-----w- c:\program files\Bonjour
2010-09-03 14:12:32 0 d-----w- c:\program files (x86)\Bonjour
2010-09-03 14:12:25 0 d-----w- c:\programdata\Apple
2010-09-03 13:59:59 0 d-----w- c:\users\alex\appdata\roaming\HpUpdate
2010-09-03 13:56:02 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-03 13:56:02 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-03 13:56:02 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-03 13:56:02 0 d-----w- c:\program files\Symantec
2010-09-03 13:56:02 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-03 13:46:51 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-09-03 13:46:51 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-09-03 13:46:51 139264 ----a-w- c:\windows\system32\cabview.dll
2010-09-03 13:46:51 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-08-10 04:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 17:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 17:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 17:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-07-27 17:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-24 11:18:45 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-24 11:18:45 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-06-24 10:39:50 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-06-24 10:39:49 505128 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-06-24 10:39:49 353576 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-24 10:24:02 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-06-24 10:24:02 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-06-24 10:24:02 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2010-06-24 10:24:02 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-05-17 23:53:47 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:40:14.65 ===============

I also see two programs installed that must be removed as per our Read Me sticky:
Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

Both FrostWire and uTorrent are installed on the computer, a likely reason for any infection. They must be removed for this thread to continue.
