brandonb

Members
  • Posts: 16

Everything posted by brandonb

  1. Thanks for the reply. I have Google Chrome but I'll use Firefox. What are the extension names?
  2. Hi, can anyone suggest a download manager that is malware and virus free? Please help. Brandonb
  3. Thanks for your help. :D

  4. Thanks, checkup.txt
     Results of screen317's Security Check version 0.99.68
     Windows 7 x64 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 25
     Adobe Reader 10.1.6 Adobe Reader out of Date!
     Google Chrome 26.0.1410.64
     Google Chrome 27.0.1453.116
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 8%
     ````````````````````End of Log``````````````````````
  5. There are no problems that remain from the look of it. Attached RK_Quarantine.zip
  6. It found 1 threat, not the iswizard.7z one but something about winhack. My PC hasn't alerted about the iswizard for a while now.
  7. Hi, This is the log I got. log.txt
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  8. Hi, AdwCleaner[s1].txt
     # AdwCleaner v2.303 - Logfile created 07/02/2013 at 21:03:04
     # Updated 08/06/2013 by Xplode
     # Operating system : Windows 7 Ultimate (64 bits)
     # User : Branden - BRANDON-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Branden\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Deleted : C:\Users\Branden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
     File Deleted : C:\Users\Branden\Desktop\iLivid.lnk
     Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
     Folder Deleted : C:\Program Files (x86)\OApps
     Folder Deleted : C:\Program Files (x86)\Wondershare
     Folder Deleted : C:\ProgramData\Speedbit
     Folder Deleted : C:\Users\Branden\AppData\Local\Ilivid
     Folder Deleted : C:\Users\Branden\AppData\LocalLow\Speedbit
     Folder Deleted : C:\Users\Branden\AppData\LocalLow\Toolbar4

     ***** [Registry] *****
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\ilivid
     Key Deleted : HKCU\Software\SpeedBit
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\SpeedBit
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

     ***** [internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16476
     -\\ Google Chrome v27.0.1453.116
     File : C:\Users\Branden\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [2627 octets] - [02/07/2013 20:51:39]
     AdwCleaner[s1].txt - [2382 octets] - [02/07/2013 21:03:04]
     ########## EOF - C:\AdwCleaner[s1].txt - [2442 octets] ##########
  9. Sorry. I mean I don't mind deleting the things found in AdwCleaner.
  10. Hi, Log attached. Don't have anything in temp folders. AdwCleanerR1.txt
  11. OK, just want to add this - I found this in my Windows 7 task manager, processes. It shows dwm.exe is a desktop window manager. It also shows it uses memory. Recently I checked out free programs that can make windows in Windows 7 topmost (to let a window always be on top); the infection may have come from one of these programs. But I uninstalled them all. Cropped printscreen attached.
  12. Hi, Thanks once again. Log attached. Brandonb ComboFix.txt
  13. Hi, Thanks again. Logs attached. Brandonb mbar-log-2013-07-02 (18-25-47).txt mbar-log-2013-07-02 (18-44-01).txt system-log.txt
  14. Hi, Thanks for your help
      dds.txt
      attach.txt
      RKreport[0]_S_07022013_163451.txt
      RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User : Branden [Admin rights]
      Mode : Scan -- Date : 07/02/2013 16:34:51
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 1 ¤¤¤
      [DLL] rundll32.exe -- C:\Users\Branden\AppData\Local\Temp\\tsiVi132.dll [-] -> KILLED [TermProc]

      ¤¤¤ Registry Entries : 4 ¤¤¤
      [RUN][sUSP PATH] HKCU\[...]\Run : tsiVideo (C:\Windows\SysWOW64\rundll32.exe C:\Users\Branden\AppData\Local\Temp\\tsiVi132.dll,start [7][-]) -> FOUND
      [RUN][sUSP PATH] HKUS\S-1-5-21-579728-3509017212-2056715366-1000\[...]\Run : tsiVideo (C:\Windows\SysWOW64\rundll32.exe C:\Users\Branden\AppData\Local\Temp\\tsiVi132.dll,start [7][-]) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
      --- User ---
      [MBR] 1e4159a852eadab4f17ce3ad0e66272f
      [bSP] dedd7f18e2b98e2b9a2d75421fc63bca : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_07022013_163451.txt >>
      Brandonb
  15. Hi, recently I've had problems with a Trojan.Bitcoin.Miner in a folder iswizard (C:\Users\Name\AppData\Local\Temp\iswizard\). It's located in a .7z zip file: dwm.exe. When I remove it with Malwarebytes Anti-Malware it seems to relocate itself in that folder. Then Anti-Malware puts it back in Quarantine. My anti-virus program seems to also not solve this problem. Please help, Brandonb