ATrout
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by ATrout
-
-
-
I've never used it, or installed it. (Unless minecraft uses it.)
-
http://en.wikipedia.org/wiki/FLTK
Seems like this may be a component of minecraft, or some other program? (A malicious program could of used it, though...)
-
Do you recognize these:
2013-01-20 00:48 . 2013-01-20 00:48 -------- d-----w- c:\users\Andrew\AppData\Roaming\fltk.org
2013-01-20 00:48 . 2013-01-20 00:48 -------- d-----w- c:\programdata\fltk.org
No...not really.
I don't know what they are.
-
-
Just did ANOTHER scan with RogueKiller;
here's the report (found things. )
-
Combofix has completed running.
I also ran roguekiller again, and it found 5 items... also attached this as a 2nd log.
-
I ran both programs; I don't think anything came up...
(2 attatchments)
My firewall is fine, so is windows update.
-
Sorry; didn't see that part about the code.
I will post them in text from now on.
I started hl2.exe again (TF2), and got this IP blocked: 68.71.51.11
Still there, I guess...
-
My Malwarebytes full scan has completed:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.01.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: QUANTUM [administrator]
Protection: Enabled
2/1/2013 7:18:29 PM
mbam-log-2013-02-01 (19-18-29).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394125
Time elapsed: 14 hour(s), 23 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)I am now running RogueKiller.
(RogueKiller finished, found 2 things in the registry.)
Here's the report:
RogueKiller V8.4.4 _x64_ [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Remove -- Date : 02/02/2013 09:44:45
| ARK || MBR |¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 72b47c3daff4ebab3cd639ac66d9b1c6
[BSP] 373f5cce8dd4acee173f4b43dcc872a3 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594944 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221519360 | Size: 14035 Mo
User = LL1 ... OK!
User = LL2 ... OK!Finished : << RKreport[2]_D_02022013_02d0944.txt >>
RKreport[1]_S_02022013_02d0943.txt ; RKreport[2]_D_02022013_02d0944.txt -
I have obtained the 2 logs...
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Andrew at 9:31:43 on 2013-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.564 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\PC Booster\PCBooster.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\steam\steamapps\blcitrus\team fortress 2\hl2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\Install\{3E03BFCA-B20E-4248-BCCC-66C31AD29534}\24.0.1312.57_24.0.1312.56_chrome_updater.exe
C:\windows\TEMP\CR_BD47E.tmp\setup.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\07 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\4456477796C6562764C4 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\4656661657C647 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TOSHIBA Face Recognition] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-9-24 984144]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-9-24 370288]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-10-11 168096]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-9-24 25232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-9-24 71600]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-7-19 93712]
.
=============== Created Last 30 ================
.
2013-01-20 19:39:20 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
2013-01-20 19:39:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-20 19:39:06 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-20 19:39:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-20 00:48:35 -------- d-----w- C:\Users\Andrew\AppData\Roaming\fltk.org
2013-01-20 00:48:34 -------- d-----w- C:\ProgramData\fltk.org
2013-01-17 15:17:53 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-01-16 02:48:16 -------- d-----w- C:\Users\Andrew\AppData\Local\Razer
2013-01-09 01:11:12 -------- d-----w- C:\Users\Andrew\AppData\Local\fontconfig
2013-01-09 01:11:10 -------- d-----w- C:\Users\Andrew\AppData\Local\gegl-0.2
2013-01-09 01:11:10 -------- d-----w- C:\Users\Andrew\.gimp-2.8
2013-01-09 01:10:33 -------- d-----w- C:\Program Files (x86)\VTFEdit
2013-01-09 01:06:46 -------- d-----w- C:\Program Files\Nem's Tools
2013-01-09 00:58:05 -------- d-----w- C:\Program Files\GIMP 2
.
==================== Find3M ====================
.
2013-01-09 00:21:56 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 00:21:56 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 9:34:00.72 ===============Attatch:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2012 2:38:31 PM
System Uptime: 2/1/2013 12:01:28 PM (21 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 465.248 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 1/14/2013 6:20:11 PM - Scheduled Checkpoint
RP16: 2/1/2013 6:26:56 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Amazon Links
AMD APP SDK Runtime
AMD Catalyst Install Manager
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AssaultCube v1.1.0.4
Audacity 2.0.2
avast! Free Antivirus
Beeper
Bejeweled 3
Blender
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Debut Video Capture Software
FATE
FirstTry
Fraps
Game Cam 2.6.1.0
Garry's Mod
GIMP 2.8.2
Google Chrome
Google Update Helper
Half-Life Dedicated Server Update Tool
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
LAME v3.99.3 (for Windows)
Left 4 Dead 2
Letters from Nowhere 2
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
MSVCRT
MSVCRT Redists
MSVCRT_amd64
No-IP DUC
Norton Anti-Theft
Norton PC Checkup
OpenAL
PC Booster 1.1.5.6
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Portal
Premium Sound HD
Razer Game Booster
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 6.0
Sql Server Customer Experience Improvement Program
Steam
Synaptics Pointing Device Driver
Team Fortress 2
TF2 Items Editor
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
Toshiba Security Dashboard
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update Installer for WildTangent Games App
Vegas Movie Studio HD 11.0
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.3
VTFEdit 1.2.5
VTFEdit 1.3.3
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/31/2013 7:17:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
1/31/2013 7:08:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
1/30/2013 6:39:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/29/2013 5:41:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94084EFC-E01E-4379-95BA-48527CA3825B}. The master browser is stopping or an election is being forced.
1/29/2013 5:41:34 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
1/29/2013 5:40:44 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 8C-A9-82-9F-5F-28. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================[/b]
[b] -
Hello;
I have had malwarebytes AND avast block repeated attempts to connect to a malicious IP.
Funnily enough, avast detected that something in it's code was attempting to do the same.
I'm wondering if I'm infected, but I don't know for sure.
I also play some games from Steam, which run on the source engine. Most of these processes go by the alias "hl2.exe"
MBAM also detected this program trying to access malicious IP addresses, which it successfully blocked.
I'm too worried to open the game back up, (It's multiplayer, and has a server list,) unless something gets through.
I can post screenshots if needed;
Assistance would be appreciated!
Common Virus? Infected files, tries to connect to malicious IP?
in Resolved Malware Removal Logs
Posted
Ran SecurityCheck;
Toshiba with it's "Pc health monitor" says that an illegal operation attempted to delete a registry key.
My computer seems to be running fine; maybe this is the case: http://forums.malwarebytes.org/index.php?showtopic=47812
Could it be similar to this? When I open the program (It's a multiplayer game), it lists all the servers available. It may just have shown one that malwarebytes classified as "malicious."
LOG:
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 25
Java version out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Andrew Desktop Antvirus Software adwcleaner.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````