Solved Particularly frustrating virus

Status
Not open for further replies.

Wendig0


This is going to be long, so I apologize.

After an all day raiding marathon on WoW, I needed a nap. When I woke up and went back to my computer, I had several popup windows advertising "Win 7 Internet Security 2011" plastered all over my screen. Firefox 4 was also running because it was left open during my nap.

I'm smart enough to know not to click on anything like that, and so I killed Firefox in my task manager processes thinking it would close the popup windows. It didn't.

At that time, I noticed a process that was unknown to me called "HPF.exe (steam)". As soon as I killed that process the popups went away. I then attempted to access Firefox again so that I could ultimately come here and follow the steps for virus removal. No joy though. Every webpage was taking me to "Win 7 Internet Security 2011" spam.

From here I disabled my internet connection through Avast Internet Security v6, and unplugged my computer from the router. I couldn't have this bug infecting my other systems (which have checked out to be clean). I rebooted into Safe Mode, and attempted to run Malwarebytes, though it wouldn't open. I then ran SuperAntiSpyware (free edition) and it came back with 3 instances of "Trojan.Agent/Gen-FakeAlert(Steam)", which got me thinking about "HPF.exe (steam)". I cleaned them with SuperAntiSpyware and rebooted back into Safe Mode again. I then ran a full scan with Avast and found 2 more instances, which Avast couldn't clean.

I still couldn't access the internet, so I called Avast, and they had me go through the registry, although I couldn't even access the registry. My whole system turned against itself, and the only thing I could think of doing, after 2 days of scanning and cleaning, was to start from scratch and format everything.

After reinstalling Windows, all my drivers, Avast (from a file on my external drive), and my games, Avast told me it was time to renew. When I tried going to avast.com, I got a message saying the connection had been reset. I checked the status of the site, and it seems to be working for everyone but me. I checked my hosts file, and Avast isn't blocked, so now I am here to follow the 8 steps.

tl;dr - Nasty virus, can't fix it, format and reinstall Windows, still having problems, need help.

Attached is my mbam log.

*edit* Missed the part about pasting the logs. ... Here is the mbam log.


MBAM log
_________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6185

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/27/2011 1:47:09 PM
mbam-log-2011-03-27 (13-47-09).txt

Scan type: Quick scan
Objects scanned: 158052
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Here is my gmer log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-27 15:15:13
Windows 6.1.7600
Running: lxwmt7zc.exe


 
DDS.txt Log

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by RC at 15:18:18.82 on Sun 03/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6748 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rance\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rance\AppData\Roaming\Mozilla\Firefox\Profiles\b01es2nc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2011-3-27 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2011-3-27 253784]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2011-3-27 127320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-27 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-27 280408]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-27 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-27 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-27 42184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-26 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-26 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-27 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-26 333928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-27 1301504]
S2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-3-27 121000]
.
=============== Created Last 30 ================
.
2011-03-27 17:43:59 -------- d-----w- C:\Users\Rance\AppData\Roaming\Malwarebytes
2011-03-27 17:43:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-27 17:43:53 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-27 17:43:50 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-27 17:43:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-27 17:18:00 -------- d-----w- C:\Users\Rance\AppData\Local\Google
2011-03-27 16:47:34 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-03-27 16:46:08 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2011-03-27 07:44:15 -------- d-----w- C:\Windows\Panther
2011-03-27 04:45:29 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-03-27 04:45:25 127320 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2011-03-27 04:45:14 253784 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2011-03-27 04:45:12 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-03-27 04:44:25 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2011-03-27 04:44:24 40648 ----a-w- C:\Windows\avastSS.scr
2011-03-27 04:44:21 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-03-27 04:37:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-03-27 04:34:11 -------- d-----w- C:\NVIDIA
2011-03-27 04:27:33 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{38C198E1-3676-446F-AAA8-25D5A2878506}\mpengine.dll
2011-03-27 04:27:32 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-27 04:08:13 315904 ----a-w- C:\Windows\SysWow64\Difxf5c3.rra
2011-03-27 04:08:13 -------- d-----w- C:\RaidTool
2011-03-27 04:08:08 115824 ----a-w- C:\Windows\System32\drivers\jraid.sys
2011-03-27 04:08:06 -------- d-----w- C:\Windows\RaidTool
2011-03-27 04:07:55 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-27 04:07:55 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-27 04:07:55 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-03-27 04:07:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-27 04:07:55 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-27 04:07:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-27 04:07:55 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-27 04:07:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-27 04:07:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-27 04:07:32 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2011-03-27 04:01:05 980480 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2011-03-27 04:01:05 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2011-03-27 04:01:05 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2011-03-27 04:01:05 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2011-03-27 04:01:05 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2011-03-27 04:01:05 534528 ----a-w- C:\Windows\System32\VIASysFx.dll
2011-03-27 04:01:05 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
2011-03-27 04:01:05 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2011-03-27 04:01:05 1301504 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2011-03-27 04:00:29 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-03-27 04:00:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-03-27 04:00:04 414632 ------w- C:\Windows\difxapi.dll
2011-03-27 04:00:03 -------- d-----w- C:\Program Files (x86)\VIA
2011-03-27 03:59:46 -------- d-sh--w- C:\Windows\Installer
2011-03-27 03:59:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-03-27 03:59:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-03-27 03:59:29 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-03-27 03:59:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-27 03:58:59 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-03-27 03:58:58 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-03-27 03:58:56 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-03-27 03:58:55 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-03-27 03:58:55 -------- d-----w- C:\Program Files (x86)\ASUS
2011-03-27 03:58:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-03-27 03:58:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-03-27 03:58:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-03-27 03:58:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-03-27 03:57:56 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-27 03:57:56 333928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-03-27 03:57:56 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-03-27 03:57:36 -------- d-----w- C:\Program Files (x86)\Realtek
.
==================== Find3M ====================
.
2011-01-08 00:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-08 00:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-08 00:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-08 00:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-08 00:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
.
============= FINISH: 15:18:32.49 ===============


ATTACH.txt Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2011 11:52:09 PM
System Uptime: 3/27/2011 2:58:18 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 272.064 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 69.071 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 233 GiB total, 215.453 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 415.634 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/26/2011 11:57:29 PM - Installed Realtek Ethernet Controller Driver For Windows Vista a®È
RP2: 3/26/2011 11:58:48 PM - Installed EPU
RP3: 3/26/2011 11:59:56 PM - Installed Platform
RP4: 3/27/2011 12:00:01 AM - Windows Update
RP5: 3/27/2011 12:07:20 AM - Installed Renesas Electronics USB 3.0 Host Controller Driver
RP6: 3/27/2011 12:08:01 AM - Installed JMicron JMB36X Driver
RP7: 3/27/2011 12:27:19 AM - Windows Update
RP8: 3/27/2011 12:44:03 AM - avast! Internet Security Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
avast! Internet Security
EPU
JMicron JMB36X Driver
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Platform
Realtek Ethernet Controller Driver For Windows 7
Renesas Electronics USB 3.0 Host Controller Driver
VIA Platform Device Manager
World of Warcraft
.
==== End Of File ===========================
 
I'm fairly certain my computer is clean, but there are people here much more knowledgeable in the removal of viruses than I, and I need a confirmation. If anyone has any idea why I wouldn't be able to access Avast.com that is unrelated to the hosts file, that would be awesome too. I already checked the site on another computer, so I know it is up and running.
 
"Win 7 Internet Security 2011" will not survive formatting and reinstalling Windows and your logs look clean.

"When I tried going to avast.com, I got a message saying the connection had been reset"

Which browser do you use?
Did you try a different browser?
 
Thank you Broni, I didn't think it was still resident.

I am using Firefox 4. I tried it with IE, and it worked. The next time I used Firefox, it worked. I can't explain why. Thanks again Broni.

Problem solved.
 