TechSpot

My computer was infected, but is it still?

By CrazyHorse
Jan 24, 2011
  1.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5591

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    24/01/2011 23:43:25
    mbam-log-2011-01-24 (23-43-25).txt

    Scan type: Quick scan
    Objects scanned: 150295
    Time elapsed: 1 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by CrazyHorse at 0:34:53.47 on 25/01/2011
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.4094.2539 [GMT 0:00]

    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

    ============== Running Processes ===============

    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Users\CrazyHorse\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CrazyHorse\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CrazyHorse\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\CrazyHorse\Desktop\dds.scr
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=C:\WINDOWS\system32\userinit.exe
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    uRun: [Google Update] "C:\Users\CrazyHorse\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/11 16:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-6-11 146928]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-21 27648]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2011-1-18 804864]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-18 517448]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-18 93184]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

    =============== Created Last 30 ================

    2011-01-24 23:40:46 -------- d-----w- C:\Users\CRAZYH~1\AppData\Roaming\Malwarebytes
    2011-01-24 23:40:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-24 23:40:42 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-24 23:40:39 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-24 23:40:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-21 09:48:30 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
    2011-01-21 06:58:20 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-20 22:13:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-19 13:49:56 -------- d-----w- C:\Users\CRAZYH~1\AppData\Roaming\WinBatch
    2011-01-19 08:24:51 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2011-01-18 18:18:24 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-01-18 18:18:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-01-18 18:18:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-01-18 18:18:24 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-01-18 18:18:24 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-01-18 18:18:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-01-18 18:18:24 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-01-18 18:18:24 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-01-18 18:18:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-01-18 18:18:24 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-01-18 17:34:49 442368 ----a-w- C:\Windows\System32\winhttp.dll
    2011-01-18 17:34:48 378368 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2011-01-18 17:34:43 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
    2011-01-18 17:32:57 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-01-18 17:32:57 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2011-01-18 17:32:57 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-01-18 17:32:56 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-01-18 17:32:54 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2011-01-18 17:32:54 12288 ----a-w- C:\Windows\System32\sscore.dll
    2011-01-18 17:32:53 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2011-01-18 17:32:53 17920 ----a-w- C:\Windows\System32\netevent.dll
    2011-01-18 17:31:47 975360 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-01-18 17:31:47 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-01-18 14:21:06 -------- d-----w- C:\Users\CRAZYH~1\AppData\Roaming\AVG
    2011-01-18 14:11:53 -------- d-----w- C:\Users\CRAZYH~1\AppData\Roaming\AVG10
    2011-01-18 14:11:27 -------- d--h--w- C:\PROGRA~3\Common Files
    2011-01-18 14:11:04 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
    2011-01-18 14:10:35 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-01-18 14:09:39 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-01-18 14:09:39 -------- d-----w- C:\PROGRA~3\AVG10
    2011-01-18 14:08:32 -------- d-----w- C:\Program Files (x86)\AVG
    2011-01-18 13:50:33 316416 ----a-w- C:\Windows\System32\msshsq.dll
    2011-01-18 13:50:33 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
    2011-01-18 13:27:49 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-01-18 13:19:33 49160 ----a-w- C:\Windows\System32\infocardcpl.cpl
    2011-01-18 13:19:33 37384 ----a-w- C:\Windows\SysWow64\infocardcpl.cpl
    2011-01-18 13:19:31 11264 ----a-w- C:\Windows\SysWow64\icardres.dll
    2011-01-18 13:19:31 11264 ----a-w- C:\Windows\System32\icardres.dll
    2011-01-18 13:19:30 97800 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2011-01-18 13:19:30 781344 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
    2011-01-18 13:19:30 622080 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2011-01-18 13:19:30 167432 ----a-w- C:\Windows\System32\infocardapi.dll
    2011-01-18 13:19:30 1383936 ----a-w- C:\Windows\System32\icardagt.exe
    2011-01-18 13:19:30 1168928 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
    2011-01-18 13:19:26 126520 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2011-01-18 13:19:26 105016 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2011-01-18 13:11:26 158720 ----a-w- C:\Windows\SysWow64\mscorier.dll
    2011-01-18 13:11:26 158208 ----a-w- C:\Windows\System32\mscorier.dll
    2011-01-18 13:11:24 83968 ----a-w- C:\Windows\SysWow64\mscories.dll
    2011-01-18 13:11:24 76288 ----a-w- C:\Windows\System32\mscories.dll
    2011-01-18 13:08:44 32768 ----a-w- C:\Windows\System32\nshhttp.dll
    2011-01-18 13:08:44 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
    2011-01-18 13:08:43 610304 ----a-w- C:\Windows\System32\drivers\http.sys
    2011-01-18 13:08:43 33792 ----a-w- C:\Windows\System32\httpapi.dll
    2011-01-18 13:08:43 31232 ----a-w- C:\Windows\SysWow64\httpapi.dll
    2011-01-18 13:06:20 80896 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2011-01-18 13:06:20 227328 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-01-18 13:06:20 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-01-18 13:06:20 101376 ----a-w- C:\Windows\System32\MSNP.ax
    2011-01-18 13:06:18 375808 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-01-18 13:06:18 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-01-18 13:06:17 558592 ----a-w- C:\Windows\System32\EncDec.dll
    2011-01-18 13:06:17 428544 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-01-18 13:06:17 289792 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-01-18 13:06:17 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-01-18 12:22:34 372736 ----a-w- C:\Windows\System32\unregmp2.exe
    2011-01-18 12:22:34 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
    2011-01-18 12:22:34 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
    2011-01-18 12:22:34 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
    2011-01-18 12:22:24 324608 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
    2011-01-18 12:22:24 241152 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
    2011-01-18 12:22:22 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
    2011-01-18 12:22:19 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    2011-01-18 12:22:19 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
    2011-01-18 12:22:19 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
    2011-01-18 12:22:18 880640 ----a-w- C:\Windows\System32\timedate.cpl
    2011-01-18 12:22:18 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-01-18 12:21:54 176640 ----a-w- C:\Windows\System32\Faultrep.dll
    2011-01-18 12:21:53 147456 ----a-w- C:\Windows\SysWow64\Faultrep.dll
    2011-01-18 12:21:53 120832 ----a-w- C:\Windows\System32\wersvc.dll
    2011-01-18 12:15:59 317952 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
    2011-01-18 12:15:59 295424 ----a-w- C:\Windows\System32\MP4SDECD.DLL
    2011-01-18 12:15:58 267776 ----a-w- C:\Windows\System32\spoolsv.exe
    2011-01-18 12:15:57 81920 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2011-01-18 12:15:54 96256 ----a-w- C:\Windows\System32\fontsub.dll
    2011-01-18 12:15:54 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2011-01-18 12:15:54 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-18 12:15:54 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-18 12:15:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-18 12:15:54 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-18 12:15:54 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2011-01-18 12:13:48 87552 ----a-w- C:\Windows\System32\consent.exe
    2011-01-18 12:11:40 9728 ----a-w- C:\Windows\SysWow64\TCPSVCS.EXE
    2011-01-18 12:10:52 368128 ----a-w- C:\Windows\System32\wmpdxm.dll
    2011-01-18 12:01:39 3765288 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-01-18 12:01:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{146A8F2D-C571-4B76-BD10-8127504CD2F3}\mpengine.dll
    2011-01-18 12:01:36 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-18 11:50:13 104960 ----a-w- C:\Windows\System32\cabview.dll
    2011-01-18 11:50:12 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-01-18 11:50:01 218112 ----a-w- C:\Windows\System32\wintrust.dll
    2011-01-18 11:50:01 171520 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-01-18 11:49:11 -------- d-----w- C:\PROGRA~3\MFAData
    2011-01-18 11:44:34 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\Google
    2011-01-18 11:44:24 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\Deployment
    2011-01-18 11:44:24 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\Apps
    2011-01-18 11:37:38 804864 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
    2011-01-18 11:37:38 305664 ----a-w- C:\Windows\System32\RaCoInstx.dll
    2011-01-18 11:37:38 -------- d-----w- C:\Program Files (x86)\Belkin
    2011-01-18 11:26:39 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\ATI
    2011-01-18 11:25:42 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\Hewlett-Packard
    2011-01-18 11:25:19 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\VirtualStore
    2011-01-18 11:25:14 -------- d-----w- C:\Users\CRAZYH~1\AppData\Local\Hewlett-Packard_Company
    2011-01-18 11:22:23 -------- d-----w- C:\Users\CRAZYH~1\AppData\Roaming\HP TCS
    2011-01-18 11:16:52 -------- d-sh--we C:\Documents and Settings

    ==================== Find3M ====================

    2011-01-18 12:53:54 588472 ----a-w- C:\Windows\SysWow64\ezsvc7x.dll
    2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-12-14 16:20:18 1251840 ----a-w- C:\Windows\System32\sdclt.exe
    2010-12-08 04:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2010-11-12 13:19:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-11-06 11:10:13 357376 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-06 11:10:13 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-06 04:35:53 499712 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-06 04:35:30 655872 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-06 04:35:30 410112 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-06 04:35:16 854528 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-05 00:53:47 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-04 21:16:05 267776 ----a-w- C:\Windows\System32\taskeng.exe
    2010-10-28 13:17:36 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-28 12:56:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    ============= FINISH: 0:35:16.01 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/01/2011 10:11:15
    System Uptime: 25/01/2011 00:12:52 (0 hours ago)

    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 2300/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 387.319 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 2.133 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    AVG PC Tuneup 2011
    Belkin Wireless USB Adapter Setup
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Java Auto Updater
    Java(TM) 6 Update 23
    LabelPrint
    LightScribe System Software
    Magic Desktop
    Malwarebytes' Anti-Malware
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Power2Go
    PowerDirector
    Python 2.6 pywin32-212
    Python 2.6.1
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skins
    sp44626
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Visual Studio 2008 x64 Redistributables

    ==== End Of File ===========================


    I had to recover to factory settings, so I'm not sure if it is clean as of yet.

    And although I do not mean to sound unmannerly, time is of the essence :)

    Thanks in advance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    If you restored computer to factory settings, I don't see any reason for your computer to be infected.
     
  3. CrazyHorse

    CrazyHorse TS Rookie Topic Starter

    Ok, I see your point of view.

    But when recovering it to factory settings, it also installs software that came with the computer. Isn't there a chance something could be hiding in the software, or the recovery partition?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's not possible.
     
Topic Status:
Not open for further replies.
