Jump to content

Computer infected?


Recommended Posts

Hello all.

My computer was working fine for weeks, but then it seemed to gotten sluggish slow again.

Maybe I am infected? I am not totally sure, but here is HiJack this log I ran Malwarebytes quick scan, found nothing.

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:12:00 PM, on 11/4/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

D:\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Brandon\jagexcache\jagexlauncher\bin\JagexLauncher.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User '?')

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')

O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10434 bytes

Link to post
Share on other sites

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

aswmbrscan.jpg

Click the image to enlarge it

----------

Link to post
Share on other sites

Hello :)

Here is my DDS:

DDS (Ver_2012-11-05.02) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2

Run by Brandon at 20:11:12 on 2012-11-06

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://oc-startpage.aol.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "D:\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [RtHDVCpl] RAVCpl64.exe

x64-Run: [skytel] Skytel.exe

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: D:\Mozilla Plugins\npitunes.dll

FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-10-17 16:46:44 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-10-14 18:49:01 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 18:48:54 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-14 18:48:54 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-14 18:48:54 246760 ----a-w- C:\Windows\SysWow64\javaws.exe

2012-10-14 18:48:54 174056 ----a-w- C:\Windows\SysWow64\javaw.exe

2012-10-14 18:48:54 174056 ----a-w- C:\Windows\SysWow64\java.exe

2012-10-08 21:40:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 21:40:17 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 11:15:45 17810944 ----a-w- C:\Windows\System32\mshtml.dll

2012-08-24 10:39:42 10925568 ----a-w- C:\Windows\System32\ieframe.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:22:46 1346048 ----a-w- C:\Windows\System32\urlmon.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:18:46 237056 ----a-w- C:\Windows\System32\url.dll

2012-08-24 10:17:03 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:14:34 816640 ----a-w- C:\Windows\System32\jscript.dll

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:12:04 2144768 ----a-w- C:\Windows\System32\iertutil.dll

2012-08-24 10:11:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2012-08-24 10:10:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 10:04:06 248320 ----a-w- C:\Windows\System32\ieui.dll

2012-08-24 07:27:00 12319744 ----a-w- C:\Windows\SysWow64\mshtml.dll

2012-08-24 07:03:49 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:50 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:49:57 231936 ----a-w- C:\Windows\SysWow64\url.dll

2012-08-24 06:48:38 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2012-08-24 06:47:36 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:45:46 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2012-08-24 06:44:35 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll

2012-08-24 06:44:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-24 06:40:11 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

.

============= FINISH: 20:12:34.57 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-05.02)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1&1 EasyLogin

3Impact

64 Bit HP CIO Components Installer

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS InstantFun

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear eXtreme

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Counter-Strike: Global Offensive

CSS Tab Designer v2.0

CyberLink LabelPrint

CyberLink Power2Go

DivX Setup

Dolby Control Center

Download Updater (AOL LLC)

DVD Flick 1.3.0.7

ESET Online Scanner v3

Facebook Plug-In

FileZilla Client 3.5.3

FrostWire 5.3.8

GIMP 2.8.2

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218)

Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)

HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7

ImgBurn

ITECIR

iTunes

Java 7 Update 7

Java Auto Updater

Java SE Development Kit 7 (64-bit)

jEdit 4.3.2

Kodu Game Lab

LG USB Modem Drivers

LightScribe System Software 1.14.17.1

Likno Web Tabs Builder 2.0.206

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend 4 Add-in for Adobe FXG Import

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Blend SDK for Windows Phone 7

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Studio 4

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft VC9 runtime libraries

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express for Windows Phone - ENU

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 6.0 Professional Edition

Microsoft Web Platform Installer 3.0

Microsoft Web Publishing Wizard 1.53

Microsoft Windows Phone 7 Developer Resources

Microsoft Windows Phone Developer Tools - ENU

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Framework Redistributable 4.0 Refresh

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio 4.0 Windows Phone Extensions

Microsoft XNA Game Studio Platform Tools

mIRC

Monopoly

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetBeans IDE 7.2

Network64

Norton AntiVirus

Notepad++

NVIDIA Control Panel 301.42

NVIDIA Drivers

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA Performance

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA System Monitor

PS_AIO_07_C310_SW_Min

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

RuneScape Launcher 1.2

RuneScape Launcher 1.2.2

Scan

Secure Download Manager

SecureW2 Enterprise Client 3.5.7

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Expression Design 4 (KB2667730)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)

Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

SMSCaster E-Marketer GSM Standard v3.7

SQL Server 2008 R2 Common Files

SQL Server 2008 R2 Database Engine Services

SQL Server 2008 R2 Database Engine Shared

Sql Server Customer Experience Improvement Program

SSH Secure Shell

Steam

Synaptics Pointing Device Driver

Team Fortress 2

Tiled - Tiled Map Editor

Toolbox

Total Video Converter 3.71 100812

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

USB 2.0 1.3M UVC WebCam

VC80CRTRedist - 8.0.50727.6195

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 1.0.1

WampServer 2.2

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

Windows Phone 7 Add-in for Visual Studio 2010 - ENU

Windows Phone Emulator x64 - ENU

WindowsApplication1

WinRAR 4.01 (32-bit)

WinX Video Converter 4.5.14

Wireless Console 2

WPF Toolkit February 2010 (Version 3.5.50211.1)

Yahoo! Detect

.

==== End Of File ===========================

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-06 21:03:37

-----------------------------

21:03:37.751 OS Version: Windows x64 6.0.6002 Service Pack 2

21:03:37.752 Number of processors: 2 586 0xF0D

21:03:37.753 ComputerName: BRANDON-PC UserName: Brandon

21:03:39.208 Initialize success

21:04:34.629 AVAST engine defs: 12110602

21:04:45.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:04:45.443 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3

21:04:45.465 Disk 0 MBR read successfully

21:04:45.468 Disk 0 MBR scan

21:04:45.484 Disk 0 unknown MBR code

21:04:45.488 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63

21:04:45.502 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 22523130

21:04:45.509 Disk 0 Partition - 00 0F Extended LBA 108244 MB offset 266711280

21:04:45.552 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108244 MB offset 266711324

21:04:45.651 Disk 0 scanning C:\Windows\system32\drivers

21:05:07.480 Service scanning

21:06:13.195 Modules scanning

21:06:13.203 Disk 0 trace - called modules:

21:06:13.557 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll

21:06:13.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a33790]

21:06:13.566 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> [0xfffffa8004bcc2d0]

21:06:13.571 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bcf050]

21:06:15.651 AVAST engine scan C:\Windows

21:06:22.241 AVAST engine scan C:\Windows\system32

21:14:45.357 AVAST engine scan C:\Windows\system32\drivers

21:15:06.041 AVAST engine scan C:\Users\Brandon

21:39:09.550 AVAST engine scan C:\ProgramData

21:42:28.297 File: C:\ProgramData\Microsoft\Windows\DRM\B82B.tmp.dat **INFECTED** Win32:Dropper-gen [Drp]

21:45:59.099 Scan finished successfully

22:19:03.309 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"

22:19:03.314 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

Link to post
Share on other sites

Hi,

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------

Link to post
Share on other sites

ComboFix 12-11-06.03 - Brandon 11/07/2012 13:45:02.9.2 - x64

Running from: c:\users\Brandon\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))

.

.

2012-11-07 18:56 . 2012-11-07 18:56 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-07 18:56 . 2012-11-07 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-30 21:09 . 2012-10-30 21:09 -------- d-----w- c:\program files (x86)\Total Video Converter

2012-10-16 07:09 . 2012-10-16 07:09 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-10-15 17:23 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-15 17:23 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll

2012-10-14 23:52 . 2012-11-07 18:43 -------- d-----w- C:\32788R22FWJFW

2012-10-14 18:49 . 2012-10-14 18:49 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-14 18:49 . 2012-10-14 18:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-14 18:49 . 2012-10-14 18:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 18:48 . 2012-10-14 18:48 -------- d-----w- c:\programdata\McAfee

2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\program files\Penn State Wireless v2

2012-10-09 19:00 . 2012-10-09 19:03 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-17 16:46 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-14 18:48 . 2010-07-28 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-08 21:40 . 2012-07-12 02:32 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 21:40 . 2012-07-06 18:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-07 19:03 . 2012-10-07 19:03 133120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat

2012-09-30 00:54 . 2011-08-08 19:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-31 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

IME File REG_SZ IMSC12.IME

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswMBR

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:40]

.

2012-11-07 c:\windows\Tasks\ReclaimerUpdateFiles_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

2012-11-07 c:\windows\Tasks\ReclaimerUpdateXML_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

2012-11-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://oc-startpage.aol.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE

AddRemove-DVD Flick_is1 - c:\program files (x86)\DVD Flick\unins000.exe

AddRemove-mIRC - c:\program files (x86)\mIRC\uninstall.exe

AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe

AddRemove-Tiled - c:\program files (x86)\Tiled\uninstall.exe

.

.

.

Completion time: 2012-11-07 13:59:31

ComboFix-quarantined-files.txt 2012-11-07 18:59

ComboFix2.txt 2012-10-15 00:09

.

Pre-Run: 99,586,048 bytes free

Post-Run: 229,724,160 bytes free

.

- - End Of File - - FCE1889BE94CFBB0249135F5A27739F2

Link to post
Share on other sites

Please go to: VirusTotal

On the page you'll find a "Choose File" button.

Click on the Choose File button.

In the Choose File to Upload window which opens, copy and paste this into the File Name box.

c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat

Next, click the Open button.

Then click the "Scan It!" button just below.

This will scan the file. Please be patient.

If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

----------

Link to post
Share on other sites

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct
    items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Link to post
Share on other sites

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running. :)

Link to post
Share on other sites

Computer runs fine, nothing has broke yet :)

ComboFix 12-11-06.03 - Brandon 11/07/2012 16:03:02.10.2 - x64

Running from: c:\users\Brandon\Desktop\ComboFix.exe

Command switches used :: c:\users\Brandon\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat"

.

.

((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))

.

.

2012-11-07 21:14 . 2012-11-07 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-07 21:14 . 2012-11-07 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-30 21:09 . 2012-10-30 21:09 -------- d-----w- c:\program files (x86)\Total Video Converter

2012-10-16 07:09 . 2012-10-16 07:09 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-10-15 17:23 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-15 17:23 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll

2012-10-14 23:52 . 2012-11-07 21:01 -------- d-----w- C:\32788R22FWJFW

2012-10-14 18:49 . 2012-10-14 18:49 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-14 18:49 . 2012-10-14 18:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-14 18:49 . 2012-10-14 18:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 18:48 . 2012-10-14 18:48 -------- d-----w- c:\programdata\McAfee

2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\program files\Penn State Wireless v2

2012-10-09 19:00 . 2012-10-09 19:03 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-17 16:46 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-14 18:48 . 2010-07-28 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-08 21:40 . 2012-07-12 02:32 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 21:40 . 2012-07-06 18:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-07 19:03 . 2012-10-07 19:03 133120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat

2012-09-30 00:54 . 2011-08-08 19:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-31 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

IME File REG_SZ IMSC12.IME

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 35718442

*Deregistered* - 35718442

*Deregistered* - aswMBR

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:40]

.

2012-11-07 c:\windows\Tasks\ReclaimerUpdateFiles_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

2012-11-07 c:\windows\Tasks\ReclaimerUpdateXML_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

2012-11-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Brandon.job

- c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://oc-startpage.aol.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE

AddRemove-DVD Flick_is1 - c:\program files (x86)\DVD Flick\unins000.exe

AddRemove-mIRC - c:\program files (x86)\mIRC\uninstall.exe

AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe

AddRemove-Tiled - c:\program files (x86)\Tiled\uninstall.exe

.

.

.

Completion time: 2012-11-07 16:17:00

ComboFix-quarantined-files.txt 2012-11-07 21:17

ComboFix2.txt 2012-11-07 18:59

ComboFix3.txt 2012-10-15 00:09

.

Pre-Run: 210,878,464 bytes free

Post-Run: 196,222,976 bytes free

.

- - End Of File - - 2486E8EC7EE9EDA073237DD4F5ED1D15

Link to post
Share on other sites

Good!

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Other Files

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

Link to post
Share on other sites

As in a bad piece of malware? Could you explain what it was?
Looks like it may have been part of an Alureon trojan that had not gotten a complete hold yet. Rather nasty piece of work.
Link to post
Share on other sites

Your like the Ghost Busters of Malware aren't you.
:lol: I just do the best I can. All the people here at Malwarebytes do a great job and I am just happy to be able to help where I can.
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.