I think I have a virus...

[tree_fu_go]

This topic is about Computer #2.

Today when I turned on the computer, it was very slow at startup and I noticed this process in task manager that was there for approx 3 seconds:

96467cef-2aeb-47a1-a858-3d8d99485881.exe

Location: C:\Windows\Temp

Size: 68.3 KB (70,040 bytes)

Size on disk: 72.0 KB (73,728 bytes)

Created: Today, ‎1 ‎February ‎2013, ‏‎7:30:12 AM

Modified: Today, ‎1 ‎February ‎2013, ‏‎7:30:16 AM

Accessed: Today, ‎1 ‎February ‎2013, ‏‎7:30:12 AM

On the security tab in properties, it says:

The requested security information is either unavailable or can't be displayed.

Now, to me (Being no virus expert) sounds like a virus.

Avast and mbam come up clean.

Malwarebytes log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.31.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

User :: USER-PC [administrator]

1/02/2013 7:31:35 AM

mbam-log-2013-02-01 (07-31-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204105

Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0<

(No malicious items detected)<

Files Detected: 0

(No malicious items detected)

(end)

Okay, Im guessing im suppose to post a dds log or something, I will do that right now and post the log soon.

Ive got Windows Vista.

[tree_fu_go]

Okay here are the dds logs, I hope I did it right:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_29

Run by User at 9:05:53 on 2013-02-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3582.2233 [GMT 8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\notepad.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

BHO: AutorunsDisabled -

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{3B75312C-F1B7-474E-AD48-0B462BF2C3AF} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{8E41EC94-4887-4369-A00D-6C7D6BABF912} : DHCPNameServer = 10.1.10.11

TCP: Interfaces\{AF4A1D32-F479-46EC-99A9-BE04869197F6} : DHCPNameServer = 10.1.10.11

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\vf26uwhl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\user\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: !HIDDEN! 2011-12-02 16:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-27 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-27 361032]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-20 219136]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-27 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-27 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-27 44808]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\user\appdata\local\temp\rarsfx1\kerneld.wnt [2010-1-21 26224]

S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Vista Driver;c:\windows\system32\drivers\RTL8150.SYS [2006-12-25 21504]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-30 15656]

S4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-1-30 2789672]

.

=============== Created Last 30 ================

.

2013-01-31 12:31:55 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2013-01-31 12:31:40 -------- d-----w- c:\programdata\Malwarebytes

2013-01-31 12:31:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-31 12:31:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-23 06:35:24 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-23 06:35:12 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-23 06:35:12 16896 ----a-w- c:\windows\system32\winusb.dll

2013-01-23 06:35:12 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-23 06:35:11 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-23 06:35:11 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-23 06:35:10 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-23 06:35:09 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-23 06:35:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-23 06:35:06 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-23 06:35:05 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-23 06:33:02 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-01-23 06:33:02 293376 ----a-w- c:\windows\system32\atmfd.dll

2013-01-23 05:43:45 -------- d-----w- c:\program files\AMD APP

2013-01-23 05:36:59 -------- d-----w- C:\AMD

2013-01-23 05:02:33 623616 ----a-w- c:\windows\system32\localspl.dll

2013-01-23 05:02:30 75776 ----a-w- c:\windows\system32\synceng.dll

2013-01-23 05:02:28 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-23 05:02:27 376320 ----a-w- c:\windows\system32\dpnet.dll

2013-01-23 05:02:27 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2013-01-23 05:02:26 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2013-01-23 05:02:00 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-23 04:44:54 2422272 ----a-w- c:\windows\system32\wucltux.dll

2013-01-23 04:44:37 88576 ----a-w- c:\windows\system32\wudriver.dll

2013-01-23 04:44:32 33792 ----a-w- c:\windows\system32\wuapp.exe

2013-01-23 04:44:32 171904 ----a-w- c:\windows\system32\wuwebv.dll

2013-01-23 04:43:55 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92ab7671-5a35-424b-89a4-03e52d3293a4}\mpengine.dll

.

==================== Find3M ====================

.

2013-01-23 05:39:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-23 05:39:07 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-19 20:50:10 5630200 ----a-w- c:\windows\system32\atiumdag.dll

2012-12-19 20:47:46 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-12-19 20:22:48 58880 ----a-w- c:\windows\system32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-12-19 20:18:02 46080 ----a-w- c:\windows\system32\aticalrt.dll

2012-12-19 20:17:52 44032 ----a-w- c:\windows\system32\aticalcl.dll

2012-12-19 20:13:24 13703168 ----a-w- c:\windows\system32\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- c:\windows\system32\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- c:\windows\system32\aticfx32.dll

2012-12-19 20:06:00 6681088 ----a-w- c:\windows\system32\atidxx32.dll

2012-12-19 19:57:00 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-12-19 19:56:24 482304 ----a-w- c:\windows\system32\atieclxx.exe

2012-12-19 19:55:48 219136 ----a-w- c:\windows\system32\atiesrxx.exe

2012-12-19 19:54:30 163840 ----a-w- c:\windows\system32\atitmmxx.dll

2012-12-19 19:54:20 20992 ----a-w- c:\windows\system32\atimuixx.dll

2012-12-19 19:54:12 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-12-19 19:44:28 4162048 ----a-w- c:\windows\system32\atiumdva.dll

2012-12-19 19:33:40 56832 ----a-w- c:\windows\system32\atimpc32.dll

2012-12-19 19:33:40 56832 ----a-w- c:\windows\system32\amdpcom32.dll

2012-12-19 19:33:30 421888 ----a-w- c:\windows\system32\atiadlxx.dll

2012-12-19 19:33:14 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-12-19 19:33:04 33280 ----a-w- c:\windows\system32\atigktxx.dll

2012-12-19 19:32:06 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-12-19 19:31:08 109568 ----a-w- c:\windows\system32\atiuxpag.dll

2012-12-19 19:30:52 83968 ----a-w- c:\windows\system32\atiu9pag.dll

2012-12-19 19:30:26 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-12-19 19:30:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-12-19 07:45:04 180224 ----a-w- c:\windows\system32\clinfo.exe

2012-12-19 07:44:42 65536 ----a-w- c:\windows\system32\OpenVideo.dll

2012-12-19 07:44:32 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-12-19 07:38:48 28732928 ----a-w- c:\windows\system32\amdocl.dll

2012-12-19 07:34:38 50176 ----a-w- c:\windows\system32\OpenCL.dll

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 9:06:29.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 21/01/2010 6:36:43 AM

System Uptime: 1/02/2013 7:27:33 AM (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EP41T-UD3L

Processor: Intel® Core2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2667/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 299.138 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

AMD APP SDK Runtime

AMD Catalyst Install Manager

avast! Free Antivirus

Benge's Animated Sprite Pack For FPS Creator

BigPond Broadband ADSL

Canon MP160

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Darkspore™

EA Download Manager

Facebook Plug-In

FPS Creator

FPS Creator Model Pack - 1

FPS Creator Model Pack - 17

FPS Creator Model Pack - 24

FPS Creator Model Pack - 25

FPS Creator Model Pack - 29

FPS Creator Model Pack - 3

FPS Creator Model Pack - 36

FPS Creator Model Pack - 7

FPS Creator Model Pack - 8 - Egypt - V2

FPS Creator Model Pack 11

FPS Creator Model Pack 12

FPS Creator Model Pack 13

FPS Creator Model Pack 14

FPS Creator Model Pack 15

FPS Creator Model Pack 43

FPSC V-Packer Trial

GIMP 2.6.7

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 29

LEGO Digital Designer

LightScribe System Software 1.14.17.1

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (3.1.7)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

Origin

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Sony ACID Music Studio 7.0

SPORE™

SPORE™ Creepy & Cute Parts Pack

SPORE™ Galactic Adventures

The 3D Gamemaker

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Vista Codec Package

Wacom Tablet

Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)

Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)

.

==== End Of File ===========================

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[tree_fu_go]

Okay, thankyou for responding.

Just a little question before I do the scan.

Does the USB to connect my mouse to my computer count as a usb drive? Do i have to remove that too?

[MrCharlie]

No, just any pen drives or external usb drives.

MrC

[tree_fu_go]

When I run it says: Error, Your version is outdated. Please download the new version. Download it on the website?

Do I do yes or no?

[MrCharlie]

Yes go ahead, same message I got when I tried it.

The site is safe. MrC

[tree_fu_go]

Sorry for being annoying but I'm on the website but where do I update? I dont see anything that says update... Sorry again..

[MrCharlie]

Here you go.....you want the 32bit version:

http://tigzy.geekstogo.com/roguekiller.php

MrC

[tree_fu_go]

So I did that, downloaded it from the website, saved it to the desktop and I replaced the other roguekiller but it still says its outdated. Did I do something wrong?

Do I just scan anyway?

[MrCharlie]

Something is mixed up on their end, just say no and run the scan. MrC

[tree_fu_go]

OKay here it is:

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy

mail : tigzyRKgmailcom

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : User [Admin rights]

Mode : Scan -- Date : 02/02/2013 08:29:23

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AADS-00M2B0 ATA Device +++++

--- User ---

[MBR] 14ebf82ab702e90889663efd49395b40

[bSP] aad5dcf29311d670b9a3ceef75306a18 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : >

RKreport[1]_S_02022013_02d0829.txt

[MrCharlie]

Not much showing, lets run some scans........

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

[tree_fu_go]

Um, how do I create a new system restore point?

[MrCharlie]

Here you go:

http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

MrC

[tree_fu_go]

Yes, sorry, one more thing. What does this mean: "Unzip the contents to a folder in a convenient location."? How do I do this? Im not very familiar with zip files.

And do I save or open with...? (Im using firefox)

Sorry for being annoying and asking 100 questions before doing anything.... :/

[MrCharlie]

In order to unzip a file, you simply have to double click on it. The archive will open just as an ordinary folder and you will be able to perform all the usual tasks associated with managing files in Explorer. You can open, copy, cut, paste, move, drag, drop, rename etc. All within the archive. In order to extract all the contents you can simply copy and paste the compressed items in another location or hit the "Extract all" button underneath the Address Bar and select a destination.

http://news.softpedi...sta-43588.shtml

Then save it somewhere.

I don't have Vista but that should do it. MrC

[tree_fu_go]

Okay the scan is done, nothing found.

Im not sure if Im suppose to attach the logs or not but I attached them anyway, if you want me to post them then I'll post it.

mbar-log-2013-02-02 (10-06-06).txt

system-log.txt

[MrCharlie]

Next............

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[tree_fu_go]

Sorry... Just a few questions...

Do I need to disable the entire anti-virus/anti-malware program or just any real time protection?

Do I also need to disable my firewall?

Once the ComboFix scan is done, can I re-enable my anti-virus and anti-malware programs or do I need to delete it first?

[MrCharlie]

Do I need to disable the entire anti-virus/anti-malware program or just any real time protection?

Just the realtime protection

Do I also need to disable my firewall?

You shouldn't have but if ComboFix ask you to...you'll have to

Once the ComboFix scan is done, can I re-enable my anti-virus and anti-malware programs or do I need to delete it first?

Yes

MrC

[tree_fu_go]

Okay I tried to run ComboFix and it said this:

NSIS Error

Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to optain a new copy.

More information at:

http://nsis.sf.net/NSIS_Error

I saved it to the desktop, I disabled my anti-virus realtime protection. I closed all other windows. Did I do something wrong??

[MrCharlie]

Delete your copy and download a fresh one and try it.

Did you follow the suggestions here:

http://nsis.sourceforge.net/NSIS_Error

MrC

[tree_fu_go]

Do i just right click combofix and click Delete or do I have to uninstall it?

On the tutorial on bleeping computer it says:

To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:

Click on the Start button () and then in the Search field enter

combofix /uninstall, as shown in the image below with the blue arrow.

Please note that there is a space between combofix and /uninstall.

I tried searching combofix \uninstall, (noting that there is a space between combofix and /uninstall) and No items match my search.

[tree_fu_go]

Um just then, I saw a couple of processes running in task manager that i don't remember seeing yesterday.

They don't look like viruses themselves but i just thought i'd let you know:

mpcmdrun.exe - Windows defender command line utility.  I dont use Windows defender so I am not sure what this does...

schtask.exe - Manages scheduled tasks.

Also, one of the svchost.exe in task manager is using around 10 - 25 CPU and I'm not doing anything.

When I click on Go to service(s), it shows me WinDefend. Again, I haven't touched windows defender, I'm not even sure if I have it enabled or not.. The Memory is 25,916 K and its running under SYSTEM.

On the resource monitor, under Disk, it was showing up svchost with lots of files.

i don't know how to explain it, it looked like this:

Image:                 PID:                  File:                                         Read (B/min)    blah blah all that stuff

svchost.exe        (I forgot)          C:\pagefile.sys (Page File)     Don't remember anything else

Except there was lots of svchost with lots of different files, C:\pagefile.sys (Page File) was the only file I remember.So I'm guessing either windows defender is doing a scan or something else...I don't know i just thought I should let you know in case you know what it means, it probably nothing but yeah..Also, thanks for helping me so far.Oh and by the way, so far, has any of the scans you've told me to do showed up any signs of a virus, malware, adware or anything yet? Just curious, because I wasn't exactly sure if I did have a virus when I started the topic...