
Showing results for tags 'Malware.Trace'.

Found 8 results

  1. Hello there, so I'll give some background info.
  2. Hello, Malwarebytes found a bunch of different PUP.Optional and a Malware.Trace infection on my computer. I have not yet tried to delete them, as Malwarebytes by default only checks the box next to the Malware.Trace infection. The DDS log is [...] The Attach.txt is [...] I am grateful for any help and a happy new year.
  3. Hello, I have tried several times to erase Malware.Trace using Malwarebytes, but it reappears every time I reboot. Here are my dds log files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_39 Run by Peter at 22:15:14 on 2013-02-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6143.4684 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe 
C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files (x86)\Steam\Steam.exe C:\ProgramData\KghaixG\IuevfhT\AegocuH.exe C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe C:\Program Files (x86)\Vuze\Azureus.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.ca/ uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell.ca/myway mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Google Update] "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [AegocuH] c:\ProgramData\KghaixG\IuevfhT\AegocuH.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab TCP: NameServer = 192.168.1.254 192.168.0.1 TCP: Interfaces\{EE8C4E38-A28F-4B3D-9470-2A76FE4F3598} : DHCPNameServer = 192.168.1.254 192.168.0.1 Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\ FF - prefs.js: browser.startup.homepage - google.ca FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-01-14 23:51; {b749fc7c-e949-447f-926c-3f4eed6accfe}; C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF - ExtSQL: 2013-02-03 10:59; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . 
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-31 202752] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-28 398184] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-1 24176] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 346144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-28 682344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2010-1-19 23536] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736] S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-1 1255736] . =============== Created Last 30 ================ . 
2013-02-05 15:35:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E467CD64-2712-462D-809C-60DB415F067A}\offreg.dll 2013-02-05 14:26:31 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E467CD64-2712-462D-809C-60DB415F067A}\mpengine.dll 2013-01-21 00:53:47 -------- d-----w- C:\Users\Peter\AppData\Local\Remove_Empty_Directories 2013-01-21 00:52:48 -------- d-----w- C:\Program Files (x86)\Remove Empty Directories 2013-01-21 00:52:19 -------- d-----w- C:\Users\Peter\AppData\Local\Wajam 2013-01-21 00:52:18 -------- d-----w- C:\Program Files (x86)\Wajam 2013-01-19 20:11:50 -------- d-----w- C:\Program Files\LizardTech 2013-01-17 14:29:41 -------- d-----w- C:\Users\Peter\AppData\Local\Programs 2013-01-13 18:43:12 -------- d-----w- C:\Users\Peter\AppData\Roaming\ChaosPro 2013-01-13 18:43:05 -------- d-----w- C:\Users\Peter\AppData\Roaming\ChaosPro 4.0 2013-01-13 18:43:05 -------- d-----w- C:\Program Files (x86)\ChaosPro 4.0 2013-01-11 03:47:30 520192 ----a-w- C:\Windows\SysWow64\Fireplace by PES.scr 2013-01-11 03:47:30 -------- d-----w- C:\Windows\SysWow64\Fireplace by PES dir . ==================== Find3M ==================== . 
2013-02-08 00:48:34 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 00:48:34 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-15 21:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-01-15 21:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 22:16:07.59 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 31/05/2011 8:44:04 PM System Uptime: 07/02/2013 12:34:19 PM (10 hours ago) . Motherboard: PEGATRON CORPORATION | | 2A94 Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 1999/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 920 GiB total, 530.707 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.385 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP191: 22/01/2013 9:08:09 AM - Windows Update RP192: 29/01/2013 9:40:31 AM - Windows Update RP193: 31/01/2013 11:45:01 PM - Installed DirectX RP194: 03/02/2013 10:58:07 AM - Installed Java 6 Update 39 RP195: 05/02/2013 9:25:13 AM - Windows Update . ==== Installed Programs ====================== . AaAaAA!!! - A Reckless Disregard for Gravity AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.5) Adobe Shockwave Player 11.6 AES Crypt Agatha Christie - Death on the Nile Amnesia: The Dark Descent And Yet It Moves Antichamber Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Atom Zombie Smasher Audacity 1.3.13 (Unicode) Audiosurf Avidemux 2.5 Bastion Batman: Arkham Asylum GOTY Edition Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 Bonjour Braid Bus Driver Castle Crashers Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help 
Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish ChaosPro Chuzzle Deluxe Cisco Connect Cogs Combined Community Codec Pack 2010-10-10 Comical 0.8 Compatibility Pack for the 2007 Office system Crayon Physics Deluxe CyberLink DVD Suite Deluxe D3DX10 Dear Esther DivX Setup Dora's Carnival Adventure Dota 2 Dropbox DVD Menu Pack for HP MediaSmart Video Eraser 6.0.10.2620 Escape Rosecliff Island Faerie Solitaire FATE Fireplace by PES Screen Saver Fractal Fraps Free Audio CD Burner version 1.4.8 Free YouTube to MP3 Converter version 3.11.34.1015 Full Tilt Poker Gambit gedit 2.30.1 GIMP 2.6.12-2 Google Chrome Google Talk Plugin Google Update Helper GPL Ghostscript Hammerfight Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.1.1.0 HP Advisor HP Customer Experience Enhancements HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP Odometer HP Setup HP Support Assistant HP Support Information HP Update HydraVision iTunes Java Auto Updater Java 6 Update 39 Jewel Quest 3 JScreenFix KLatexFormula 3.2.4 L.A. 
Noire: The Complete Edition LabelPrint LAME v3.98.3 for Audacity LightScribe System Software LIMBO LizardTech DjVu Control (autoinstall) LPSolve IDE 5.5.2.0 Machinarium Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft LifeChat Microsoft Office Home and Student 60 day trial Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Microsoft XNA Framework Redistributable 3.1 MiKTeX 2.9 Mirror's Edge Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Game Long Name Norton Online Backup Notepad++ NVIDIA PhysX office Convert Pdf to Jpg Jpeg Tiff Free 6.5 OpenAL OpenOffice.org 3.3 Osmos PDFCreator pdfsam Penguins! PhotoNow! Pidgin Plants vs. Zombies Plants vs. Zombies: Game of the Year PlayReady PC Runtime amd64 Poker Superstars III PokerStars Polar Bowler Polar Golfer Portal Portal 2 Power2Go PowerDirector Psychonauts Python 3.2.3 Q.U.B.E. 
QuickTime Rampant Logic Postscript Viewer 1.1 Realtek High Definition Audio Driver Recovery Manager Remove Empty Directories version 2.2 Revenge of the Titans Rockstar Games Social Club Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SEGA Genesis & Mega Drive Classics Skype Click to Call Skype™ 5.10 Sonic Generations Steam Steel Storm: Burning Retribution Super Meat Boy v1.5 Superbrothers: Sword & Sworcery EP swMSM TeXworks 0.4.3 The Binding Of Isaac The Photographer's Ephemeris To the Moon Trine Trine 2 Uninstall 1.0.0.1 Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile 
(KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VC80CRTRedist - 8.0.50727.6195 Ventrilo Client Virtual Families Virtual Villagers - The Secret City VLC media player 1.1.9 Vuze VVVVVV Wajam Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR 4.01 (64-bit) WinSCP 4.3.5 World of Goo Yahoo! Detect Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 05/02/2013 6:21:44 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  4. Hi, I have a Vista 64 laptop. I am using 'Kaspersky Pure 2.0' and 'MBAM Pro'. I regularly update the signatures for both of these. A brief background: I was logged in through my admin account when I got infected by malware. Neither 'Kaspersky AV' nor 'MBAM Pro' found anything in the exe file that I clicked on. Immediately I saw scripts running and rogue processes in the task manager. Since then I got help from the 'Malware Removal Hijackthis' forum in getting it cleaned up. The details can be found here. The malware created a user account as 'Test'. As I was logged in through my admin user account at the time of infection, the user 'TEST' also has admin rights and is kind of an alias for my administrator user account name. Its desktop has the same files as the admin user account I log in through. If I delete anything from 'C:\users\test\desktop', then it gets deleted from my original admin account user's desktop as well. When I go to control panels --> user accounts, I do not find any alias for my original administrator account user name there. How can I ensure my laptop is not hosting any zombies? Appreciate your help on this. Thank you very much for your time. Best, Sam
  5. Hi, I was infected with the above malware. I was up to a point towards completion. With the database corruption, my post and its details are gone. 'Jeffce' was helping me with this resolution. I don't know whether, with the new thread, 'Jeffce' is supposed to look at it or anyone else needs to take over. Thanks and appreciate your time. Best, Sam
  6. Hello, I have been having a few issues with my system lately. I have a key-logger (dclogs - Stolen.Data) that is contained within my "Roaming" folder on my account, called 'dclogs'. I have scanned with the Malwarebytes Anti-Malware software (the log is enclosed as well), which fixes the issues until I restart my system; then the problem persists. Other problems include: the FRAPS installer automatically launching when I start my system and asking me to install it, even though I have already uninstalled it and deleted the installer, and the locking of cmd, regedit and the Task Manager, which is fixed only temporarily until I reboot the system. Enclosed: Attach.txt, DDS.txt, mbam-log-2012-08-21 (13-38-23).txt. Thank you for your assistance.
  7. Good day! One day I put my friend's USB in my computer, then my anti-virus detected dozens of trojans and viruses; that's why I tried to use Malwarebytes Anti-Malware (PRO). After I scanned, MBAM detected this kind of trojan called Malware.Trace. I tried to quarantine or delete it, but after I reboot it comes back again. How can I fix or delete this Malware.Trace & Trojan.Lameshield? PLEASE HELP!
  8. I recently downloaded Malwarebytes after Norton 360 kept telling me that I was getting attacked by a worm. I thought with Norton 360 I was protected from everything, but it appears not. After downloading Malwarebytes I ran a few scans and had to restart my computer a few times. I have run into 8 files that keep coming up on the scan. Here is the log:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.25.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Owner :: OWNER-PC [administrator]

     26/05/2012 3:07:26 PM
     1.txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 207390
     Time elapsed: 2 minute(s), 22 second(s)

     Memory Processes Detected: 3
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 3412 -> No action taken.
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 3424 -> No action taken.
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 2776 -> No action taken.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msvcnp (Backdoor.Agent) -> Data: C:\Users\Owner\AppData\Roaming\msvcnp .exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|csrss (Trojan.Agent) -> Data: C:\Users\Owner\AppData\Roaming\csrss .exe -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> No action taken.
     C:\Users\Owner\AppData\Roaming\csrss .exe (Trojan.Agent) -> No action taken.

     (end)

     Here is the removal log of the same files. A popup also appears telling me to restart my computer.

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.25.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Owner :: OWNER-PC [administrator]

     26/05/2012 3:07:26 PM
     mbam-log-2012-05-26 (15-07-26).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 207390
     Time elapsed: 2 minute(s), 22 second(s)

     Memory Processes Detected: 3
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 3412 -> Delete on reboot.
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 3424 -> Delete on reboot.
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> 2776 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msvcnp (Backdoor.Agent) -> Data: C:\Users\Owner\AppData\Roaming\msvcnp .exe -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|csrss (Trojan.Agent) -> Data: C:\Users\Owner\AppData\Roaming\csrss .exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Windows\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
     C:\Users\Owner\AppData\Roaming\csrss .exe (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)

     After restarting my computer, the same 8 files appear in the next scan. Is there anything I can do to stop this? I had problems before with a file called update.exe appearing in my Roaming folder. When I deleted it, it would just appear again after a few seconds. So I deleted it and then put a folder in Roaming called update.exe. This stopped the file from appearing. Any input or help is appreciated.