
Quarantine failed?


Synetra


I'm sorry, but I need help. I can't seem to download HijackThis from their site, but this is the log from Malwarebytes that has gotten me worried:

2012/09/05 20:51:29 +0100 MICHELLE-PC Michelle MESSAGE Starting protection

2012/09/05 20:51:30 +0100 MICHELLE-PC Michelle MESSAGE Executing scheduled update: Daily

2012/09/05 20:51:31 +0100 MICHELLE-PC Michelle MESSAGE Protection started successfully

2012/09/05 20:51:34 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection

2012/09/05 20:51:35 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully

2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Scheduled update executed successfully: database updated from version v2012.09.04.04 to version v2012.09.05.10

2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh

2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection

2012/09/05 20:52:52 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped

2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully

2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection

2012/09/05 20:52:55 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully

2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot QUARANTINE

2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5

2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY

2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY

2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh

2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection

2012/09/05 23:29:29 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped

2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully

2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection

2012/09/05 23:29:31 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully

See, it says the quarantine failed? I just ran a full scan and it came up clear. What should my next step be? I know this is an old log; I was just having a look through them and then saw this.

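The worrying line in the post is the ERROR that immediately follows the QUARANTINE detection. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses lines in the layout shown above (date, time, timezone, host, user, level, message), ties each "Quarantine failed" ERROR to the most recent QUARANTINE detection (an assumption about the log's ordering), and lists paths that were detected but never successfully quarantined. The sample log embedded in it is a constructed subset of the posted lines; the mapping of code 5 to the Win32 constant ERROR_ACCESS_DENIED is standard Windows documentation, not something the log states.

```python
"""Triage a Malwarebytes protection log for detections whose quarantine failed.

Added example; assumes each line looks like
    <date> <time> <tz> <host> <user> <LEVEL> <message>
as in the forum post. SAMPLE_LOG is a constructed subset of that post.
"""
import re

# Constructed sample in the shape of the posted log.
SAMPLE_LOG = """\
2012/09/05 20:51:29 +0100 MICHELLE-PC Michelle MESSAGE Starting protection
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\\autorun.exe Backdoor.Bot QUARANTINE
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\\autorun.exe Backdoor.Bot DENY
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\\autorun.exe Backdoor.Bot DENY
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<level>[A-Z]+) (?P<msg>.*)$"
)
# DETECTION message is "<path> <threat> <ACTION>"; the path may contain spaces,
# so the threat and action are taken as the last two whitespace-separated tokens.
DETECTION_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+) (?P<action>[A-Z]+)$")
# e.g. "Quarantine failed: SetFileAttributes failed with error code 5"
QFAIL_RE = re.compile(r"^Quarantine failed: (?P<api>\w+) failed with error code (?P<code>\d+)$")

# Win32 error codes commonly seen in quarantine failures (documented constants).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION"}


def parse_log(text):
    """Parse matching lines into dicts; lines that do not fit the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(text):
    """Summarise each detected path: actions logged and any quarantine failure.

    Assumption: a "Quarantine failed" ERROR refers to the latest QUARANTINE detection.
    """
    summary = {}
    last_quarantine = None
    for ev in parse_log(text):
        if ev["level"] == "DETECTION":
            d = DETECTION_RE.match(ev["msg"])
            if not d:
                continue
            entry = summary.setdefault(
                d["path"], {"threat": d["threat"], "actions": [], "quarantine_error": None}
            )
            entry["actions"].append(d["action"])
            if d["action"] == "QUARANTINE":
                last_quarantine = entry
        elif ev["level"] == "ERROR" and last_quarantine is not None:
            q = QFAIL_RE.match(ev["msg"])
            if q:
                code = int(q["code"])
                last_quarantine["quarantine_error"] = (q["api"], code, WIN32_ERRORS.get(code, "unknown"))
    return summary


def unresolved(summary):
    """Paths detected but never successfully quarantined (only DENY, or quarantine errored)."""
    return sorted(
        path for path, e in summary.items()
        if e["quarantine_error"] is not None or "QUARANTINE" not in e["actions"]
    )


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, e in result.items():
        print(path, e["threat"], e["actions"], e["quarantine_error"])
    print("still on disk (not quarantined):", unresolved(result))
```

The point of the "unresolved" list is the one the poster is asking about: a DENY action blocks execution while real-time protection is running, but the file itself is still present, so a clean full scan of C: says nothing about a file on D: that was never removed.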

  • Root Admin

Please start Malwarebytes and check for updates. Then do a Quick Scan and post back the log.

Next, please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file and simply attach it to your reply here.


Attach.zip

Thank you for getting back to me; here are the requested logs. I did find that on right-clicking DDS, there wasn't an option to run it as an administrator. I also found that the Attach report didn't need unzipping, so I tried to send it to a zipped folder to attach. I hope I have done this right otherwise. Again, thank you.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Michelle :: MICHELLE-PC [administrator]

Protection: Enabled

12/09/2012 09:31:51

mbam-log-2012-09-12 (09-31-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 198416

Time elapsed: 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Michelle at 9:44:38 on 2012-09-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16354.14044 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Michelle\AppData\Local\Apps\2.0\70NZ94KL.RXG\MPJQ7C2X.GBV\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe

C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1009&m=aspire_g7200

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632

uURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

mURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A4FF57CD-E9F5-47B1-BFAC-91D70B364B20} : DhcpNameServer = 192.168.1.254

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

BHO-X64: CAssistLive - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-11 44808]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250568]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-31 135584]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-8-30 33592]

S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328]

S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-8-30 14136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-09-11 22:14:09 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-09-11 22:14:09 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-09-11 22:14:09 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-09-11 22:14:01 41224 ----a-w- C:\Windows\avastSS.scr

2012-09-11 22:04:03 -------- d-----w- C:\Users\Michelle\AppData\Local\Avg2013

2012-09-11 21:59:00 -------- d-----w- C:\Users\Michelle\AppData\Roaming\TuneUp Software

2012-09-11 19:47:12 -------- d--h--w- C:\ProgramData\Common Files

2012-09-11 19:47:12 -------- d-----w- C:\Users\Michelle\AppData\Local\MFAData

2012-09-11 19:47:12 -------- d-----w- C:\ProgramData\MFAData

2012-09-11 14:46:59 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86C433E4-F65E-4A6F-A217-3B01CF5DE277}\mpengine.dll

2012-09-10 21:51:07 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2012-09-10 21:09:27 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Microsoft Games

2012-09-10 21:09:04 -------- d-----w- C:\ProgramData\Microsoft Games

2012-09-10 21:09:04 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games

2012-09-10 21:01:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2012-09-06 18:51:58 -------- d-----w- C:\Users\Michelle\AppData\Local\ElevatedDiagnostics

2012-09-03 18:18:53 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-09-03 17:45:35 -------- d-----w- C:\Users\Michelle\AppData\Local\Microsoft Games

2012-09-03 17:35:54 -------- d-----w- C:\ProgramData\Battle.net

2012-09-03 17:31:02 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes

2012-09-03 17:31:00 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-03 17:30:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-03 17:30:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-03 14:17:45 -------- d-----r- C:\Program Files (x86)\Skype

2012-09-03 14:08:08 -------- d-----w- C:\ProgramData\AVAST Software

2012-09-03 14:08:08 -------- d-----w- C:\Program Files\AVAST Software

2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\drivers\athurx.sys

2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\athurx.sys

2012-09-03 13:58:38 -------- d-----w- C:\Windows\Options

2012-09-03 13:58:20 -------- d-----w- C:\ProgramData\TP-LINK

2012-09-03 13:53:34 -------- d-----w- C:\Users\Michelle\AppData\Roaming\LibreOffice

2012-09-01 09:51:33 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll

2012-08-31 15:58:07 -------- d-----w- C:\Users\Michelle\AppData\Local\IsolatedStorage

2012-08-31 15:58:06 -------- d-----w- C:\Users\Michelle\AppData\Local\Futuremark_Corporation

2012-08-31 15:17:20 -------- d-----w- C:\Program Files (x86)\Futuremark

2012-08-31 15:17:14 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll

2012-08-31 15:17:14 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll

2012-08-31 15:17:13 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll

2012-08-31 15:17:13 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2012-08-31 15:17:13 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2012-08-31 15:17:13 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2012-08-31 15:17:13 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll

2012-08-31 15:17:13 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-08-31 15:17:13 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll

2012-08-31 15:17:13 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2012-08-31 13:06:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-31 13:06:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-31 13:06:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-31 13:05:45 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-31 13:05:45 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-31 12:59:57 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5

2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Windows Live Writer

2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Local\Windows Live Writer

2012-08-31 12:46:56 -------- d-----w- C:\Users\Michelle\AppData\Local\Apple Computer

2012-08-31 12:43:25 -------- dc----w- C:\Users\Michelle\AppData\Local\MigWiz

2012-08-31 08:46:56 -------- d-----w- C:\Users\Michelle\Tracing

2012-08-31 08:46:28 -------- d-----w- C:\Windows\en

2012-08-31 08:46:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-08-31 08:46:16 -------- d-----w- C:\Windows\PCHEALTH

2012-08-31 08:46:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2012-08-31 08:46:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2012-08-31 08:46:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2012-08-31 08:46:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2012-08-31 08:44:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-08-31 08:42:59 -------- d-----w- C:\Users\Michelle\AppData\Local\Google

2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Deployment

2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Apps

2012-08-31 08:41:27 -------- d-----w- C:\iDrive

2012-08-31 08:40:40 -------- d-----w- C:\Program Files (x86)\Conduit

2012-08-31 08:40:39 -------- d-----w- C:\Users\Michelle\AppData\Local\Conduit

2012-08-31 08:39:59 -------- d-----w- C:\Program Files (x86)\CAssistLive

2012-08-30 21:28:04 -------- d-----w- C:\Windows\Panther

2012-08-30 21:27:51 -------- d-sh--w- C:\Boot

2012-08-30 21:07:02 -------- d-----w- C:\archive_db

2012-08-30 15:56:46 -------- d-----w- C:\Windows\SysWow64\Wat

2012-08-30 15:56:46 -------- d-----w- C:\Windows\System32\Wat

2012-08-30 15:41:06 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-08-30 15:37:44 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-08-30 15:31:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-08-30 15:31:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-08-30 15:31:32 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-08-30 15:31:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-08-30 15:31:32 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-30 15:31:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-30 15:31:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-08-30 15:29:59 395776 ----a-w- C:\Windows\System32\webio.dll

2012-08-30 15:28:43 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-08-30 15:28:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-08-30 15:28:02 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-30 15:28:02 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-08-30 15:28:02 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-08-30 15:27:51 77312 ----a-w- C:\Windows\System32\packager.dll

2012-08-30 15:27:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-08-30 15:08:26 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-08-30 15:08:26 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-08-30 13:54:46 -------- d-----w- C:\Program Files (x86)\Setup Files

2012-08-30 13:38:55 -------- d-----w- C:\Windows\pss

2012-08-30 13:34:53 -------- d--h--w- C:\ControlCenterCount

2012-08-30 13:03:15 0 ----a-w- C:\Windows\ativpsrm.bin

2012-08-30 13:02:36 -------- d-----w- C:\Program Files\AMD

2012-08-30 13:02:36 -------- d-----w- C:\Program Files (x86)\AMD

2012-08-30 13:02:35 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-08-30 13:02:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-08-30 13:02:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-08-30 12:58:12 -------- d-----w- C:\AMD

2012-08-30 12:53:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-08-30 12:53:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-08-30 12:53:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-08-30 12:51:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-30 12:51:48 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-08-30 12:51:47 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-30 12:51:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-30 12:51:23 -------- d-----w- C:\Program Files (x86)\MSI

2012-08-30 12:50:34 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

2012-08-30 12:50:13 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-08-30 12:47:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-08-30 12:47:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-08-30 12:47:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-08-30 12:47:00 -------- d-----w- C:\Program Files (x86)\Realtek

2012-08-30 12:44:15 -------- d-----w- C:\Users\Michelle\AppData\Local\AMD

2012-08-30 12:44:14 -------- d-----w- C:\Users\Michelle\AppData\Local\ATI

2012-08-30 12:42:08 44672 ----a-r- C:\Windows\System32\drivers\usbfilter.sys

2012-08-30 12:41:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2012-08-30 12:41:47 -------- d-----w- C:\ProgramData\AMD

2012-08-30 12:41:44 79488 ----a-w- C:\Windows\System32\drivers\amd_sata.sys

2012-08-30 12:41:44 40064 ----a-w- C:\Windows\System32\drivers\amd_xata.sys

2012-08-30 12:41:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-08-30 12:41:36 -------- d-sh--w- C:\Windows\Installer

2012-08-30 12:41:36 -------- d-----w- C:\Program Files\ATI

2012-08-30 12:40:30 -------- d-----w- C:\Program Files\ATI Technologies

2012-08-30 12:37:58 -------- d-----w- C:\MSI

2012-08-23 12:55:04 -------- d-----w- C:\OEM

.

==================== Find3M ====================

.

2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll

2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll

2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe

2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR

2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll

2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-28 01:22:36 77312 ----a-w- C:\Windows\System32\amdave64.dll

2012-07-28 01:22:28 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll

2012-07-28 01:22:16 74240 ----a-w- C:\Windows\System32\atisamu64.dll

2012-07-28 01:22:10 71168 ----a-w- C:\Windows\atisamu32.dll

2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-07-27 21:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-07-27 21:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-07-27 21:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-07-27 21:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-07-27 21:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-07-27 21:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll

2012-07-27 21:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-07-27 21:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-27 21:44:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll

2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll

2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll

2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll

2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll

2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll

2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll

2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll

2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll

2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL

2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

.

============= FINISH: 9:44:58.51 ===============


  • Root Admin

Please download the adwCleaner

http://general-chang...de/2-adwcleaner

Run the Tool

Windows Vista and Windows 7 users

Right click on the adwCleaner.exe program and select the option "Run as administrator"

Select the Delete button (not the Search button) and click it.

When the scan completes, it will open a notepad document.

Please save this file somewhere you can remember where it is and attach it on your next reply.

Next, please run a free online scan with the ESET Online Scanner

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan.

* Tick the box next to YES, I accept the Terms of Use.

* Click Start

* When asked, allow the ActiveX control to install

* Click Start

* Make sure that the options Remove found threats and Scan unwanted applications are checked

* Click Scan

Wait for the scan to finish

* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

* Attach that log on your next reply

Thank you


OK, as requested. I did notice the ESET Online Scanner did quarantine a file, but I'm not sure the log has saved correctly because there isn't much in it.

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 10:45:39

# Updated 09/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Michelle - MICHELLE-PC

# Boot Mode : Normal

# Running from : C:\Users\Michelle\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Michelle\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files (x86)\CAssistLive

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit

Folder Deleted : C:\Users\Michelle\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\Michelle\AppData\LocalLow\CAssistLive

Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CAssistLive

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\CAssistLive

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2306632

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A366883A-2D70-4116-9B44-E41E5A1FAB50}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5DC0EBC-DBB9-439F-AEF7-468DBEA4ED55}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CAssistLive Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632 --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632",

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ]

Deleted [l.44] : icon_url = "hxxps://isearch.avg.com/favicon.ico",

Deleted [l.47] : keyword = "isearch.avg.com",

Deleted [l.50] : search_url = "hxxps://isearch.avg.com/search?cid={37E7584F-7AE0-4C18-BBD1-17923B800E23}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",

Deleted [l.1133] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632",

Deleted [l.1359] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ]

*************************

AdwCleaner[s1].txt - [5313 octets] - [12/09/2012 10:45:39]

########## EOF - C:\AdwCleaner[s1].txt - [5373 octets] ##########

The Eset log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

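The Chrome section of the AdwCleaner log above (the "Deleted [l.NN]" lines) is a check you can reproduce yourself on a copy of the browser's Preferences file. The script below is an added example, not code from the thread or from AdwCleaner: it parses a constructed Preferences sample modelled on the log's entries and flags the homepage, startup URLs and default search provider when they point at the redirect domains the log shows (search.conduit.com, isearch.avg.com). The suspect-domain list, the subdomain matching and the newer "startup_urls" key name are assumptions.

```python
"""Flag browser-hijack settings in a Chrome "Preferences" file.

Added example, not code from the thread or from AdwCleaner. It reproduces the
kind of check behind the "[internet Browsers]" section of the AdwCleaner log:
homepage, startup URLs and default search provider pointing at a
search-redirect domain. The key names match what Chrome 21 wrote (the
"Deleted [l.NN]" lines in the log); "startup_urls" is added as an assumption
for newer versions.
"""
import json
from urllib.parse import urlparse

# Domains taken from the AdwCleaner log; treating any subdomain of them as
# equally suspect is an assumption, not documented AdwCleaner behaviour.
SUSPECT_DOMAINS = ("search.conduit.com", "isearch.avg.com")

# Constructed sample modelled on the log's entries. A real file lives at
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences (copy it while
# Chrome is closed).
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://search.conduit.com/?SearchSource=10&ctid=CT2306632",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?SearchSource=10&ctid=CT2306632",
            "http://www.computer-assist.org.uk/",
        ],
    },
    "default_search_provider": {
        "enabled": True,
        "keyword": "isearch.avg.com",
        "search_url": "https://isearch.avg.com/search?cid={37E7584F-7AE0-4C18-BBD1-17923B800E23}&q={searchTerms}",
        "icon_url": "https://isearch.avg.com/favicon.ico",
    },
})


def is_suspect_host(host):
    """True when host equals, or is a subdomain of, a suspect domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def is_suspect_url(url):
    # urlparse copes with the {searchTerms} placeholder Chrome stores verbatim.
    return is_suspect_host(urlparse(url).hostname)


def find_hijacks(preferences_json):
    """Return (setting, value) pairs that point at a suspect domain."""
    prefs = json.loads(preferences_json)
    findings = []

    homepage = prefs.get("homepage")
    if homepage and is_suspect_url(homepage):
        findings.append(("homepage", homepage))

    session = prefs.get("session", {})
    for key in ("urls_to_restore_on_startup", "startup_urls"):
        for url in session.get(key, []):
            if is_suspect_url(url):
                findings.append(("session." + key, url))

    dsp = prefs.get("default_search_provider", {})
    if is_suspect_host(dsp.get("keyword")):
        findings.append(("default_search_provider.keyword", dsp["keyword"]))
    for key in ("search_url", "suggest_url", "icon_url"):
        url = dsp.get(key)
        if url and is_suspect_url(url):
            findings.append(("default_search_provider." + key, url))
    return findings


if __name__ == "__main__":
    for setting, value in find_hijacks(SAMPLE_PREFERENCES):
        print(f"{setting}: {value}")
```

Against the constructed sample this reports five settings, the same ones AdwCleaner deleted from the real file. Point `find_hijacks` at the contents of a copied Preferences file to check a machine; note that a matching entry under `default_search_provider` is the one that silently reroutes every address-bar search, so it is worth confirming by hand even when the homepage looks normal.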

EDIT: I went back to ESET and deleted the file it detected as a worm from the quarantine (the file was Acer Live\Home media, I'm sure it was something like that). I ran the scan again and this time it created a more detailed log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9792f5ca675bd14b85d61925aeb9c387

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-09-12 02:58:10

# local_time=2012-09-12 03:58:10 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=2057

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 56292 99921939 0 0

# compatibility_mode=8192 67108863 100 0 13333 13333 0 0

# scanned=363670

# found=0

# cleaned=0

# scan_time=5001


  • Root Admin

Next, download Security Check from here

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Start Malwarebytes, check for updates, run a Quick Scan and send me back the new log.

Let me know how the computer is running now.

Thanks


OK, here are the new logs. Thanks for all the help. So what's the diagnosis? Can I lift the sign off my PC that says "unclean"? :) It seems to be running just fine at the moment.

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 7 Update 7

Adobe Reader X (10.1.4)

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8%

````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Michelle :: MICHELLE-PC [administrator]

Protection: Enabled

12/09/2012 20:22:46

mbam-log-2012-09-12 (20-22-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 198946

Time elapsed: 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Root Admin

Yes, the computer appears to be working well now and the threats detected have been removed.

Please make sure to keep all your plugins such as Java, Flash, Acrobat Reader up to date at all times.

Keep your Anti-Virus and Malwarebytes up to date daily and always running as well as Windows updates.

If there is nothing else, we should be done here now.


  • Root Admin

The logs show that you installed avast! Antivirus but you already have Norton Internet Security installed.

RP41: 12/09/2012 16:47:41 - avast! Free Antivirus Setup

You can only have 1 Anti-Virus program installed and running at one time. Please choose one and fully remove the other one.

Please remove one of the AV products and proceed with the following.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Right click on combofix.exe and choose Run as administrator and follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it will produce a log for you. Post that log in your next reply. You can also locate this file here c:\combofix.txt
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


  • Root Admin

Please download MiniToolBox, save it to your desktop and run it.

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark the following checkboxes:

Flush DNS

Report IE Proxy Settings

Reset IE Proxy Settings

Report FF Proxy Settings

Reset FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Installed Programs

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and send back the Result.txt.

A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

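MiniToolBox's "List content of Hosts" option only dumps the file; the reading is left to the helper. The script below is an added example, not MiniToolBox's code, showing what that reading looks for: on a stock Windows 7 install the hosts file has no active entries at all, so any uncommented line is worth a look, and a line that points an anti-malware or update vendor's domain anywhere (loopback, 0.0.0.0 or a third-party address) is the usual way an infection keeps the cleanup tools from downloading or updating. The vendor list, the severity labels and the sample hosts content are constructed for illustration.

```python
"""Triage a Windows hosts file the way a malware-removal helper reads the
"List content of Hosts" section of a MiniToolBox report.

Added example, not MiniToolBox's own code. MiniToolBox only dumps the file;
this script does the reading: the stock Windows 7 hosts file has no active
lines, so every uncommented entry deserves a look, and entries that point an
anti-malware or update vendor's domain anywhere at all (loopback, 0.0.0.0 or a
third-party address) are the classic "keep the cleanup tools from updating"
trick. The vendor list and the sample file are constructed for illustration.
"""
import ipaddress

# Assumption: domains a hijacker would want to sinkhole. Extend for your estate.
PROTECTED_DOMAINS = (
    "malwarebytes.org", "eset.com", "eset.eu", "windowsupdate.com",
    "update.microsoft.com", "norton.com", "symantec.com", "bleepingcomputer.com",
)

# Constructed sample: the stock comments, the harmless loopback line and four
# lines that were not there when Windows shipped.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1       localhost
0.0.0.0         www.malwarebytes.org        # stops the download
127.0.0.1       www.eset.eu
203.0.113.7     update.microsoft.com
10.0.0.5        intranet.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for every active (non-comment) line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) >= 2:
            yield no, parts[0], parts[1:]


def is_protected(name):
    """True when name is, or is under, one of PROTECTED_DOMAINS."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def audit_hosts(text):
    """Return findings as (severity, line_no, ip, name) tuples.

    "high"      a protected vendor domain is being overridden
    "review"    any other active line; the stock file has none
    "malformed" the address field does not parse
    """
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("malformed", no, ip, " ".join(names)))
            continue
        for name in names:
            if name.lower() == "localhost" and addr.is_loopback:
                continue                      # the one entry that belongs there
            severity = "high" if is_protected(name) else "review"
            findings.append((severity, no, ip, name))
    return findings


if __name__ == "__main__":
    for severity, no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"[{severity:9}] line {no}: {ip} -> {name}")
```

Run it against a copy of %SystemRoot%\System32\drivers\etc\hosts; an empty result matches a stock install. Flushing DNS (the "Flush DNS" option in the same tool) is worth doing after any hosts edit, since the resolver cache keeps serving the old mapping until it expires.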

  • Root Admin

Hello Synetra,

The current issues with your computer appear to be general in nature and were possibly caused by the infection, but this is damage, not an ongoing infection. This is beyond the scope of malware detection and removal, but I have provided some advice below that hopefully will help you to get your system working fully again.

There are some driver issues. They could possibly be due to corruption or permissions issues.

The first one looks to be part of a video driver (the links below may help with fixing that).

http://www.rage3d.com/board/showthread.php?t=33987715

http://www.sevenforums.com/graphic-cards/218284-amd-12-2-aoddriver4-1-event-error-help-plz.html

The second one appears to be your Atheros wireless card. Please see if the link below helps.

http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/atheros-ar5007eg-radio-wont-turn-on-in-windows-7/d3855b4e-7138-4fc5-8133-3809dce3a506

In a nutshell, a reinstall of the drivers might correct the issue for you. If not, then you'll need to follow up either here in the PC General forum or on one of the many other PC support forums on the Internet.

System errors:

=============

Error: (09/13/2012 08:15:15 PM) (Source: Service Control Manager) (User: )

Description: The AODDriver4.1 service failed to start due to the following error:

%%2

Error: (09/13/2012 08:15:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll

Error Code: 126

At this time you no longer appear to have an infection on the system. You can go ahead and remove ComboFix by clicking on START and typing in the following, or copy/paste it:

COMBOFIX.EXE /uninstall

Thank you again.


  • Root Admin

Based on current findings, none of the scanners or Anti-Virus tools are finding any type of infection. You should be safe to do so at this time.

If you do experience or come across anything that seems in the least suspicious though let me know and we can run some other AV tools if needed.

Thanks


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

