TechSpot

Particularly frustrating virus

By Wendig0
Mar 27, 2011
  1. [Solved] Particularly frustrating virus

    This is going to be long, so I apologize.

    After an all day raiding marathon on WoW, I needed a nap. When I woke up and went back to my computer, I had several popup windows advertising "Win 7 Internet Security 2011" plastered all over my screen. Firefox 4 was also running because it was left open during my nap.

    I'm smart enough to know not to click on anything like that, and so I killed Firefox in my task manager processes thinking it would close the popup windows. It didn't.

    At that time, I noticed a process that was unknown to me called "HPF.exe (steam)". As soon as I killed that process the popups went away. I then attempted to access Firefox again so that I could ultimately come here and follow the steps for virus removal. No joy though. Every webpage was taking me to "Win 7 Internet Security 2011" spam.

    From here I disabled my internet connection through Avast Internet Security v6, and unplugged my computer from the router. I couldn't have this bug infecting my other systems (which have checked out to be clean). I rebooted into Safe Mode, and attempted to run Malwarebytes, though it wouldn't open. I then ran SuperAntiSpyware (free edition) and it came back with 3 instances of "Trojan.Agent/Gen-FakeAlert(Steam)", which got me thinking about "HPF.exe (steam)". I cleaned them with SuperAntiSpyware and rebooted back into Safe Mode again. I then ran a full scan with Avast and found 2 more instances, which Avast couldn't clean.

    I still couldn't access the internet, so I called Avast, and they had me go through the registry, although I couldn't even access the registry. My whole system turned against itself, and the only thing I could think of doing, after 2 days of scanning and cleaning, was to start from scratch and format everything.

    After reinstalling Windows, all my drivers, Avast (from a file on my external drive), and my games, Avast told me it was time to renew. When I tried going to avast.com, I got a message saying the connection had been reset. I checked the status of the site, and it seems to be working for everyone but me. I checked my hosts file, and Avast isn't blocked, so now I am here to follow the 8 steps.

    tl;dr - Nasty virus, can't fix it, format and reinstall Windows, still having problems, need help.

    Attached is my mbam log.

    *edit* Missed the part about pasting the logs. ... Here is the mbam log.


    MBAM log
    _________

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6185

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/27/2011 1:47:09 PM
    mbam-log-2011-03-27 (13-47-09).txt

    Scan type: Quick scan
    Objects scanned: 158052
    Time elapsed: 2 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. Wendig0

    Wendig0 TechSpot Paladin Topic Starter Posts: 1,106   +97

    Here is my gmer log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-27 15:15:13
    Windows 6.1.7600
    Running: lxwmt7zc.exe


    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\sfzone 0 bytes
    File C:\## aswSnx private storage\sfzone\attrib 0 bytes
    File C:\## aswSnx private storage\sfzone\image 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\Alwil Software 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\Alwil Software\Avast5 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\Alwil Software\Avast5\sfzone 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\chrome_shutdown_ms.txt 4 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Archived History 53248 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Bookmarks 505 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_0 45056 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_1 270336 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_2 1056768 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_3 4202496 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000001 57254 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000002 18080 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000003 17209 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000004 18994 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000005 32840 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000006 36402 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000007 48462 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000008 56764 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000009 36457 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000a 18080 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000b 26213 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000c 16961 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000d 23912 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000e 19246 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_00000f 18237 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000010 44430 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000011 18080 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000012 16929 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000013 89667 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000014 17209 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\index 524656 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cookies 6144 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Current Session 13193 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Current Tabs 3509 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Favicons 10240 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\History 90112 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\History Index 2011-03 73728 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Plugin Data 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Plugin Data\Google Gears 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Preferences 3578 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Top Sites 20480 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\User StyleSheets 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Visited Links 131072 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Web Data 61440 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Local State 1996 bytes
    File C:\## aswSnx private storage\sfzone\image\Users 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Local 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Local\Temp 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\48C226A0FE7D97DE1C716B47235CB639_339FE4A15083BA9D58F96C1443F0D4C4 1085 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D47CBB7C2C5C1BDE230ED2B146145618 1208 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48C226A0FE7D97DE1C716B47235CB639_339FE4A15083BA9D58F96C1443F0D4C4 400 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D47CBB7C2C5C1BDE230ED2B146145618 368 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming\Mozilla 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming\Mozilla\Firefox 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming\Mozilla\Firefox\Profiles 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming\Mozilla\Firefox\Profiles\b01es2nc.default 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\AppData\Roaming\Mozilla\Firefox\Profiles\b01es2nc.default\places.sqlite 10485760 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\Desktop 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Rance\Desktop\Chromium.lnk 2134 bytes
    File C:\## aswSnx private storage\sfzone\snx_fs.dat 10444 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 29696 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{7073bde1-5889-11e0-87f2-bcaec5439e87}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{7073bde1-5889-11e0-87f2-bcaec5439e87}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{7073bde1-5889-11e0-87f2-bcaec5439e87}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
    File C:\Windows\System32\LogFiles\Scm\3c983e3c-bb96-4e85-bebb-f33e439bb16d 0 bytes
    File C:\Windows\System32\LogFiles\Scm\8201a871-1702-47ce-a8cf-76ceb1eb3f8c 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  3. Wendig0

    Wendig0 TechSpot Paladin Topic Starter Posts: 1,106   +97

    DDS.txt Log

    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by RC at 15:18:18.82 on Sun 03/27/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6748 [GMT -4:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\ASUS\EPU\EPU.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Rance\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rance\AppData\Roaming\Mozilla\Firefox\Profiles\b01es2nc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2011-3-27 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2011-3-27 253784]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2011-3-27 127320]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-27 505176]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-27 280408]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-27 22360]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-27 64344]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-27 42184]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-26 83080]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-26 184968]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-27 155752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-26 333928]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-27 1301504]
    S2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-3-27 121000]
    .
    =============== Created Last 30 ================
    .
    2011-03-27 17:43:59 -------- d-----w- C:\Users\Rance\AppData\Roaming\Malwarebytes
    2011-03-27 17:43:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-27 17:43:53 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-27 17:43:50 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-27 17:43:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-27 17:18:00 -------- d-----w- C:\Users\Rance\AppData\Local\Google
    2011-03-27 16:47:34 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2011-03-27 16:46:08 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
    2011-03-27 07:44:15 -------- d-----w- C:\Windows\Panther
    2011-03-27 04:45:29 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-03-27 04:45:25 127320 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2011-03-27 04:45:14 253784 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2011-03-27 04:45:12 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-03-27 04:44:25 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2011-03-27 04:44:24 40648 ----a-w- C:\Windows\avastSS.scr
    2011-03-27 04:44:21 -------- d-----w- C:\PROGRA~3\Alwil Software
    2011-03-27 04:37:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2011-03-27 04:34:11 -------- d-----w- C:\NVIDIA
    2011-03-27 04:27:33 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{38C198E1-3676-446F-AAA8-25D5A2878506}\mpengine.dll
    2011-03-27 04:27:32 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-03-27 04:08:13 315904 ----a-w- C:\Windows\SysWow64\Difxf5c3.rra
    2011-03-27 04:08:13 -------- d-----w- C:\RaidTool
    2011-03-27 04:08:08 115824 ----a-w- C:\Windows\System32\drivers\jraid.sys
    2011-03-27 04:08:06 -------- d-----w- C:\Windows\RaidTool
    2011-03-27 04:07:55 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-03-27 04:07:55 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-03-27 04:07:55 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2011-03-27 04:07:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-03-27 04:07:55 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2011-03-27 04:07:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-03-27 04:07:55 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-03-27 04:07:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-03-27 04:07:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-03-27 04:07:32 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
    2011-03-27 04:01:05 980480 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
    2011-03-27 04:01:05 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
    2011-03-27 04:01:05 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
    2011-03-27 04:01:05 82432 ----a-w- C:\Windows\System32\nQAPO.dll
    2011-03-27 04:01:05 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
    2011-03-27 04:01:05 534528 ----a-w- C:\Windows\System32\VIASysFx.dll
    2011-03-27 04:01:05 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
    2011-03-27 04:01:05 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
    2011-03-27 04:01:05 1301504 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
    2011-03-27 04:00:29 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2011-03-27 04:00:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2011-03-27 04:00:04 414632 ------w- C:\Windows\difxapi.dll
    2011-03-27 04:00:03 -------- d-----w- C:\Program Files (x86)\VIA
    2011-03-27 03:59:46 -------- d-sh--w- C:\Windows\Installer
    2011-03-27 03:59:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2011-03-27 03:59:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-03-27 03:59:29 139264 ----a-w- C:\Windows\System32\cabview.dll
    2011-03-27 03:59:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-03-27 03:58:59 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
    2011-03-27 03:58:58 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
    2011-03-27 03:58:56 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    2011-03-27 03:58:55 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    2011-03-27 03:58:55 -------- d-----w- C:\Program Files (x86)\ASUS
    2011-03-27 03:58:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-03-27 03:58:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-03-27 03:58:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-03-27 03:58:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-03-27 03:57:56 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2011-03-27 03:57:56 333928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2011-03-27 03:57:56 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2011-03-27 03:57:36 -------- d-----w- C:\Program Files (x86)\Realtek
    .
    ==================== Find3M ====================
    .
    2011-01-08 00:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 00:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 00:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 00:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 00:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
    .
    ============= FINISH: 15:18:32.49 ===============


    ATTACH.txt Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2011 11:52:09 PM
    System Uptime: 3/27/2011 2:58:18 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 272.064 GiB free.
    D: is FIXED (NTFS) - 69 GiB total, 69.071 GiB free.
    E: is CDROM (UDF)
    F: is FIXED (NTFS) - 233 GiB total, 215.453 GiB free.
    G: is FIXED (NTFS) - 932 GiB total, 415.634 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 3/26/2011 11:57:29 PM - Installed Realtek Ethernet Controller Driver For Windows Vista a®È
    RP2: 3/26/2011 11:58:48 PM - Installed EPU
    RP3: 3/26/2011 11:59:56 PM - Installed Platform
    RP4: 3/27/2011 12:00:01 AM - Windows Update
    RP5: 3/27/2011 12:07:20 AM - Installed Renesas Electronics USB 3.0 Host Controller Driver
    RP6: 3/27/2011 12:08:01 AM - Installed JMicron JMB36X Driver
    RP7: 3/27/2011 12:27:19 AM - Windows Update
    RP8: 3/27/2011 12:44:03 AM - avast! Internet Security Setup
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 Plugin
    avast! Internet Security
    EPU
    JMicron JMB36X Driver
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0 (x86 en-US)
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Platform
    Realtek Ethernet Controller Driver For Windows 7
    Renesas Electronics USB 3.0 Host Controller Driver
    VIA Platform Device Manager
    World of Warcraft
    .
    ==== End Of File ===========================
     
  4. Wendig0

    Wendig0 TechSpot Paladin Topic Starter Posts: 1,106   +97

    I'm fairly certain my computer is clean, but there are people here much more knowledgeable in the removal of viruses than I, and I need a confirmation. If anyone has any idea why I wouldn't be able to access Avast.com that is unrelated to the hosts file, that would be awesome too. I already checked the site on another computer, so I know it is up and running.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    "Win 7 Internet Security 2011" will not survive formatting and reinstalling Windows and your logs look clean.

    Which browser do you use?
    Did you try a different browser?
     
  6. Wendig0

    Wendig0 TechSpot Paladin Topic Starter Posts: 1,106   +97

    Thank you Broni, I didn't think it was still resident.

    I am using Firefox 4. I tried it with IE, and it worked. The next time I used Firefox, it worked. I can't explain why. Thanks again Broni.

    Problem solved.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Gremlins?....hahahaha....

    Good luck :)
     
Topic Status:
Not open for further replies.
