Posts posted by ATrout

  1. Ran SecurityCheck.

    Toshiba, with its "PC Health Monitor", says that an illegal operation attempted to delete a registry key.

    My computer seems to be running fine; maybe this is the case: http://forums.malwarebytes.org/index.php?showtopic=47812

    Could it be similar to this? When I open the program (It's a multiplayer game), it lists all the servers available. It may just have shown one that malwarebytes classified as "malicious."

    LOG:

    Results of screen317's Security Check version 0.99.57

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    avast! Antivirus

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.70.0.1100

    Java 6 Update 25

    Java version out of Date!

    Google Chrome 24.0.1312.56

    Google Chrome 24.0.1312.57

    ````````Process Check: objlist.exe by Laurent````````

    Norton ccSvcHst.exe

    Andrew Desktop Antvirus Software adwcleaner.exe

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast AvastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 3%

    ````````````````````End of Log``````````````````````

  2. My Malwarebytes full scan has completed:


    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.01.11
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew :: QUANTUM [administrator]
    Protection: Enabled
    2/1/2013 7:18:29 PM
    mbam-log-2013-02-01 (19-18-29).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 394125
    Time elapsed: 14 hour(s), 23 minute(s), 32 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    I am now running RogueKiller.

    (RogueKiller finished, found 2 things in the registry.)

    Here's the report:


    RogueKiller V8.4.4 _x64_ [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Andrew [Admin rights]
    Mode : Remove -- Date : 02/02/2013 09:44:45
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] 72b47c3daff4ebab3cd639ac66d9b1c6
    [BSP] 373f5cce8dd4acee173f4b43dcc872a3 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594944 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221519360 | Size: 14035 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_02022013_02d0944.txt >>
    RKreport[1]_S_02022013_02d0943.txt ; RKreport[2]_D_02022013_02d0944.txt

  3. I have obtained the 2 logs...

    DDS:


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Andrew at 9:31:43 on 2013-02-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.564 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\RealVNC\VNC Server\vncserver.exe
    C:\Program Files\RealVNC\VNC Server\vncserver.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\TECO\Teco.exe
    C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\RealVNC\VNC Server\vncserver.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\PC Booster\PCBooster.exe
    C:\Program Files (x86)\Steam\GameOverlayUI.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    c:\program files (x86)\steam\steamapps\blcitrus\team fortress 2\hl2.exe
    C:\Program Files (x86)\Steam\GameOverlayUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Update\Install\{3E03BFCA-B20E-4248-BCCC-66C31AD29534}\24.0.1312.57_24.0.1312.56_chrome_updater.exe
    C:\windows\TEMP\CR_BD47E.tmp\setup.exe
    C:\Program Files\AVAST Software\Avast\setup\avast.setup
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://start.toshiba.com
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\07 : DHCPNameServer = 10.0.2.1
    TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\4456477796C6562764C4 : DHCPNameServer = 192.168.15.1
    TCP: Interfaces\{94084EFC-E01E-4379-95BA-48527CA3825B}\4656661657C647 : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [TOSHIBA Face Recognition] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-9-24 984144]
    R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-9-24 370288]
    R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-10-11 168096]
    R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-9-24 25232]
    R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-9-24 71600]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-7-19 93712]
    .
    =============== Created Last 30 ================
    .
    2013-01-20 19:39:20 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    2013-01-20 19:39:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-20 19:39:06 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-01-20 19:39:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-20 00:48:35 -------- d-----w- C:\Users\Andrew\AppData\Roaming\fltk.org
    2013-01-20 00:48:34 -------- d-----w- C:\ProgramData\fltk.org
    2013-01-17 15:17:53 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2013-01-16 02:48:16 -------- d-----w- C:\Users\Andrew\AppData\Local\Razer
    2013-01-09 01:11:12 -------- d-----w- C:\Users\Andrew\AppData\Local\fontconfig
    2013-01-09 01:11:10 -------- d-----w- C:\Users\Andrew\AppData\Local\gegl-0.2
    2013-01-09 01:11:10 -------- d-----w- C:\Users\Andrew\.gimp-2.8
    2013-01-09 01:10:33 -------- d-----w- C:\Program Files (x86)\VTFEdit
    2013-01-09 01:06:46 -------- d-----w- C:\Program Files\Nem's Tools
    2013-01-09 00:58:05 -------- d-----w- C:\Program Files\GIMP 2
    .
    ==================== Find3M ====================
    .
    2013-01-09 00:21:56 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 00:21:56 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 9:34:00.72 ===============

    Attach:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/22/2012 2:38:31 PM
    System Uptime: 2/1/2013 12:01:28 PM (21 hours ago)
    .
    Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | U3E1 | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 465.248 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP15: 1/14/2013 6:20:11 PM - Scheduled Checkpoint
    RP16: 2/1/2013 6:26:56 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X MUI
    Amazon Links
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Amnesia: The Dark Descent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AssaultCube v1.1.0.4
    Audacity 2.0.2
    avast! Free Antivirus
    Beeper
    Bejeweled 3
    Blender
    Bonjour
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    Debut Video Capture Software
    FATE
    FirstTry
    Fraps
    Game Cam 2.6.1.0
    Garry's Mod
    GIMP 2.8.2
    Google Chrome
    Google Update Helper
    Half-Life Dedicated Server Update Tool
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    LAME v3.99.3 (for Windows)
    Left 4 Dead 2
    Letters from Nowhere 2
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    No-IP DUC
    Norton Anti-Theft
    Norton PC Checkup
    OpenAL
    PC Booster 1.1.5.6
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Portal
    Premium Sound HD
    Razer Game Booster
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype™ 6.0
    Sql Server Customer Experience Improvement Program
    Steam
    Synaptics Pointing Device Driver
    Team Fortress 2
    TF2 Items Editor
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    Toshiba Security Dashboard
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA User's Guide
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Update Installer for WildTangent Games App
    Vegas Movie Studio HD 11.0
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VNC Mirror Driver 1.8.0
    VNC Printer Driver 1.8.0
    VNC Server 5.0.3
    VTFEdit 1.2.5
    VTFEdit 1.3.3
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/31/2013 7:17:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    1/31/2013 7:08:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    1/30/2013 6:39:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    1/29/2013 5:41:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94084EFC-E01E-4379-95BA-48527CA3825B}. The master browser is stopping or an election is being forced.
    1/29/2013 5:41:34 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    1/29/2013 5:40:44 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 8C-A9-82-9F-5F-28. Network operations on this system may be disrupted as a result.
    .
    ==== End Of File ===========================

  4. Hello;

    I have had Malwarebytes AND avast block repeated attempts to connect to a malicious IP.

    Funnily enough, avast detected that something in its code was attempting to do the same.

    I'm wondering if I'm infected, but I don't know for sure.

    I also play some games from Steam, which run on the Source engine. Most of these processes go by the alias "hl2.exe".

    MBAM also detected this program trying to access malicious IP addresses, which it successfully blocked.

    I'm too worried to open the game back up (it's multiplayer and has a server list), in case something gets through.

    I can post screenshots if needed.

    Assistance would be appreciated! :unsure:
