
Am I infected?



I opened a program which I haven't used for 1 month and Avast! stopped the program from opening and sent it to the Quarantine Virus Chest. I can't paste a screenshot. I did this twice and the virus names were slightly different, and I couldn't find anything on these viruses in a Google search. Virus names: GLB3E03.tmp and GLBBEF3.tmp.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526
Run by Dr Minow Dell 8300 at 17:22:24 on 2013-12-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12270.9939 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Soda PDF 5\HelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Windows\System32\wiawow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Soda PDF 5 IE Helper: {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Soda PDF 5 IE Toolbar: {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e476afbe-8f49-4206-93d5-6a45ee50c6bf.exe /check
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D350710D-241D-4AA8-AEF8-FF2535C5FD7C} : DHCPNameServer = 192.168.1.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dr Minow Dell 8300\AppData\Roaming\Mozilla\Firefox\Profiles\1bui9urv.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - ExtSQL: 2013-11-22 14:40; info@priceblink.com; C:\Users\Dr Minow Dell 8300\AppData\Roaming\Mozilla\Firefox\Profiles\1bui9urv.default\extensions\info@priceblink.com.xpi
FF - ExtSQL: 2013-11-22 14:44; nosquint@urandom.ca; C:\Users\Dr Minow Dell 8300\AppData\Roaming\Mozilla\Firefox\Profiles\1bui9urv.default\extensions\nosquint@urandom.ca.xpi
FF - ExtSQL: 2013-11-26 15:26; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-14 11:30; FFSodaPDF5Converter@sodapdf.com; C:\Program Files (x86)\Soda PDF 5\FFSoda5Ext
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-18 205320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-18 55856]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-22 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-18 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-18 409832]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-4-18 30752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-18 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-18 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-26 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-17 13592]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-12-14 1168960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-14 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-14 682344]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-12-14 82160]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-2-7 1223704]
R2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;C:\Program Files (x86)\Soda PDF 5\HelperService.exe [2012-12-7 1236824]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-12 231440]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-12 317440]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2013-4-12 406056]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-14 24176]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-2-7 18456]
R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-5-30 347904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Soda PDF 5 Service;Soda PDF 5 Service;C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [2012-12-7 874328]
S2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-4-22 1042808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-12 204288]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-2-7 660504]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-4-22 270192]
.
=============== Created Last 30 ================
.
2013-12-18 15:00:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BB359BD-1438-4071-BC06-B73E2FCB320B}\offreg.dll
2013-12-17 11:03:05 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BB359BD-1438-4071-BC06-B73E2FCB320B}\mpengine.dll
2013-12-14 20:54:31 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-12-14 20:54:30 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-12-14 20:54:27 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2013-12-14 20:54:27 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-12-14 20:54:27 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-12-14 20:54:27 -------- d-----w- C:\ProgramData\ioloGovernor
2013-12-14 20:54:26 69000 ----a-w- C:\Windows\System32\offreg.dll
2013-12-14 20:54:26 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2013-12-14 20:54:26 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Roaming\ioloGovernor
2013-12-14 20:54:26 -------- d-----w- C:\Program Files (x86)\iolo
2013-12-14 20:42:51 -------- d-----w- C:\Windows\SysWow64\spool
2013-12-14 20:42:51 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Local\Sony
2013-12-14 20:42:51 -------- d-----w- C:\Program Files (x86)\Sony
2013-12-14 20:30:18 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-14 20:30:18 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-14 20:30:18 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-14 20:30:17 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-14 20:26:55 -------- d-----w- C:\Windows\Migration
2013-12-14 20:09:10 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2013-12-14 20:09:10 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Roaming\iolo
2013-12-14 20:09:10 -------- d-----w- C:\ProgramData\iolo
2013-12-14 19:35:31 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Roaming\PDF Software
2013-12-14 19:30:54 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Roaming\APP_NAME_NON_STRING
2013-12-14 19:30:38 -------- d-----w- C:\Program Files (x86)\Soda PDF 5
2013-12-14 19:29:15 -------- d-----w- C:\Program Files (x86)\Common Files\Soda PDF 5
2013-12-14 16:01:50 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-14 16:01:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 04:55:33 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 04:55:33 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 04:55:32 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 04:55:31 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 04:55:31 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 04:55:31 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 04:55:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 04:55:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 04:55:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 04:55:27 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 04:55:27 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 04:55:00 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 04:54:59 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 04:54:59 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 04:54:59 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 04:54:59 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 04:54:59 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 04:54:59 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 04:54:59 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-11-26 23:30:12 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Roaming\AVAST Software
2013-11-22 22:24:47 -------- d-----w- C:\Users\Dr Minow Dell 8300\AppData\Local\Mozilla
2013-11-22 22:24:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
.
==================== Find3M  ====================
.
2013-12-10 18:27:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 18:27:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 23:26:26 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-11-26 23:26:26 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-26 23:26:26 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-26 23:26:26 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-11-26 23:26:26 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-11-26 23:26:25 43152 ----a-w- C:\Windows\avastSS.scr
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:53 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 17:22:36.33 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/17/2013 12:55:52 PM
System Uptime: 12/18/2013 2:51:57 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1384 GiB total, 1274.398 GiB free.
D: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&7947E71&0&4
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&7947E71&0&4
Service:
.
==== System Restore Points ===================
.
RP126: 11/19/2013 5:54:24 AM - Windows Update
RP127: 11/19/2013 7:59:12 AM - Windows Update
RP128: 11/19/2013 8:56:01 AM - Windows Modules Installer
RP129: 11/19/2013 9:13:08 AM - Restore Operation
RP130: 11/26/2013 5:28:51 AM - Windows Update
RP131: 11/26/2013 3:24:59 PM - avast! antivirus system restore point
RP132: 11/29/2013 6:08:25 AM - Windows Update
RP133: 12/3/2013 5:46:41 AM - Windows Update
RP134: 12/10/2013 5:59:07 AM - Windows Update
RP135: 12/14/2013 11:29:54 AM - Installed Soda PDF 5
RP136: 12/14/2013 12:22:41 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader for ScanSnap 4.1
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
avast! Free Antivirus
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CardMinder
CardMinder V4.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cozi
Dell Edoc Viewer
Dell MusicStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
DW WLAN Card
iKnowMed Support Applications
Intel® Control Center
Intel® Rapid Storage Technology
iolo technologies' System Mechanic Professional
iTunes
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Multimedia Card Reader
PhotoShowExpress
Rack2-Filer
Rack2-Viewer (This application may be deleted by deleting Rack2-Filer)
Rack2 Folder Monitor Software
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Secunia PSI (3.0.0.6005)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SES Driver
Skype Click to Call
Skype™ 6.10
Soda PDF 5
Sonic CinePlayer Decoder Pack
SpywareBlaster 5.0
SugarSync
THX TruStudio PC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Movie Studio HD 11.0
WD Quick View
WD SmartWare
WD SmartWare Installer
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
Windows Mobile Device Updater Component
Windows Phone Intro Video (ENU)
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
12/18/2013 5:22:40 PM, Error: Service Control Manager [7023]  - The Soda PDF 5 Service service terminated with the following error:  %%-2147467259
12/18/2013 3:48:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/18/2013 3:48:39 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/18/2013 3:48:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/18/2013 3:47:31 PM, Error: Service Control Manager [7001]  - The WD Backup service depends on the WD Drive Manager service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/18/2013 2:37:00 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
12/18/2013 2:37:00 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/18/2013 2:33:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
12/18/2013 2:33:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {59484148-65C9-4467-A092-3F8380023772}
12/17/2013 10:16:38 AM, Error: volmgr [46]  - Crash dump initialization failed!
12/14/2013 8:06:49 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user DrMinowDell8300\Dr Minow Dell 8300 SID (S-1-5-21-3091903195-1817203055-3543800137-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/14/2013 11:51:45 AM, Error: Service Control Manager [7034]  - The iolo System Service service terminated unexpectedly.  It has done this 2 time(s).
12/14/2013 11:51:22 AM, Error: Service Control Manager [7034]  - The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

So what do I do next?

Thanks

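The "Event Viewer Messages From Past Week" section of a DDS log is easier to triage once each line is split into its fields (timestamp, level, source, event ID, message) and sorted by time, since DDS prints them newest-first and, as the 12/14 entries above show, not always in order. The following Python parser is an added example for this thread, not code from DDS, Malwarebytes or anyone posting here; it runs over a few lines copied from the log above (one long DCOM message shortened), and the watch-list of event IDs it flags is an assumption chosen for illustration, not a Malwarebytes rule.

```python
import re
from collections import Counter
from datetime import datetime

# Layout of one DDS "Event Viewer Messages" line:
#   <m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>]  - <Message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<message>.*)$"
)

# (Source, EventID) pairs worth a second look when triaging a possibly
# infected host. Hypothetical watch-list for this example, not a DDS or
# Malwarebytes rule set.
WATCH_LIST = {
    ("Schannel", 36888): "TLS/SSL fatal alert generated",
    ("Schannel", 36874): "SSL 3.0 request with no shared cipher suite",
    ("Microsoft-Windows-DistributedCOM", 10016): "DCOM activation permission denied",
    ("Service Control Manager", 7034): "service terminated unexpectedly",
}

# Constructed sample: lines copied from the DDS log in this thread
# (the 10016 message is shortened to keep the line readable).
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========
.
12/18/2013 5:22:40 PM, Error: Service Control Manager [7023]  - The Soda PDF 5 Service service terminated with the following error:  %%-2147467259
12/18/2013 2:37:00 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
12/18/2013 2:37:00 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/17/2013 10:16:38 AM, Error: volmgr [46]  - Crash dump initialization failed!
12/14/2013 8:06:49 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application (message shortened for the example)
12/14/2013 11:51:45 AM, Error: Service Control Manager [7034]  - The iolo System Service service terminated unexpectedly.  It has done this 2 time(s).
.
==== End Of File ===========================
"""


def parse_dds_events(text):
    """Return one dict per well-formed event line in `text`, oldest first.

    Separator lines ('.') and section headers do not match the layout and are
    skipped rather than raising, so a whole DDS log can be fed in unchanged."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["timestamp"] = datetime.strptime(d.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
        d["event_id"] = int(d["event_id"])
        events.append(d)
    # DDS prints newest first and the order is not guaranteed; sort oldest -> newest
    # (sort is stable, so same-second events keep their printed order).
    events.sort(key=lambda e: e["timestamp"])
    return events


def summarize(events):
    """Count events per source and pull out the watch-listed ones."""
    by_source = Counter(e["source"] for e in events)
    flagged = [
        (e["timestamp"].isoformat(sep=" "), e["source"], e["event_id"],
         WATCH_LIST[(e["source"], e["event_id"])])
        for e in events
        if (e["source"], e["event_id"]) in WATCH_LIST
    ]
    return {"total": len(events), "by_source": dict(by_source), "flagged": flagged}


if __name__ == "__main__":
    report = summarize(parse_dds_events(SAMPLE_LOG))
    print(f"{report['total']} events parsed")
    for source, n in sorted(report["by_source"].items()):
        print(f"  {n:2d}  {source}")
    print("flagged for review:")
    for ts, source, event_id, why in report["flagged"]:
        print(f"  {ts}  {source} [{event_id}]  {why}")
```

Feeding the full DDS log to `parse_dds_events` works as-is because non-matching lines are ignored; the watch-list is the part to adapt to whatever a given triage cares about. Note that the Schannel and DCOM-permission entries here are configuration noise far more often than signs of infection, which is exactly why a sortable, countable view beats reading the raw dump.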

Hello newbie111 and welcome to Malwarebytes forum.

 

Have you flushed/deleted all temporary files on your system, and done so, too, for each of your browsers?

 

Turn off your antivirus at this time.
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Close all the open windows of any program you started; meaning, clear the deck. The principle is to lighten the load of running programs at the time.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark. < = =

Look down the screen to "Action for potentially unwanted programs (PUP)" and,

clicking the down arrow ***
select "Show in results list and check for removal" from the drop-down (arrow) selections. < = = =

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan. *** <<< ****

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. < = = =

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply for my review.
IF this is Windows XP, the log would be under this folder:
C:\Documents and Settings\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

IF this is Windows Vista or Win7 or Win8:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I need the most current one that starts with the name mbam-log-2013 (with the latest time & date stamp).

Please only ATTACH the log files I ask for.

When all done, Re-Enable your antivirus program.

 

 

Close all of your open program windows, saving any of your open work documents, if any.
This next procedure will do a system restart when it finishes.

Download TFC by OldTimer to your desktop
http://oldtimer.geekstogo.com/TFC.exe

Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator.)

It will close all programs when run, so make sure you have saved all your work before you begin.
Click the "Start" button to begin the process. Depending on how often you clean temp files.  Let it run uninterrupted to completion.
IF prompted to Reboot, reply "Yes"

 

NOTE:  Your Avast has to be able to delete what it tags as viruses.  If it does not, you should have contacted Avast.

Secondly, any temporary file (as denoted here by the .TMP) is fair game for deletion.

You would do a search in Windows, and when found, delete the TMP file.

 

NOTE: Our program is not an "anti-virus". It is not a substitute or a replacement for such. That is the function of your Avast.

Just so you know.   These comments are not meant to be personal or aimed at you.  Just being frank.

 


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
