Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: win32.downloader problems

  1. #1
    Junior Member
    Join Date
    Sep 2012
    Posts
    25

    Default win32.downloader problems

    Here are the logs. Thanks for your help!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
    Run by Tams at 12:25:41 on 2013-06-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2026 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\RunDll32.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uWindow Title = Windows Internet Explorer provided by AOL
    uDefault_Page_URL = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000004
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\npchrome_frame.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-H7H33.exe" /REG /REGSVRMODE
    StartupFolder: C:\Users\Tams\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Tams\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\npchrome_frame.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-21 55856]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.sys [2013-4-16 56136]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-21 317440]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-21 539240]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-26 1255736]
    S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-1-1 18360]
    S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-06-06 17:02:17 712264 ----a-w- C:\Windows\is-H7H33.exe
    2013-06-06 16:52:04 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C15233D0-D6AD-4580-B46A-F2F78E8116D7}\offreg.dll
    2013-06-06 15:33:20 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C15233D0-D6AD-4580-B46A-F2F78E8116D7}\mpengine.dll
    2013-06-04 20:39:22 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-05-21 12:33:46 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E88F32C-6EEC-4C25-8EDF-A26414FB5AC9}\gapaengine.dll
    2013-05-16 01:55:30 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-16 01:55:30 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-16 01:55:30 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-16 01:55:17 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-16 01:55:15 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-16 01:55:15 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-16 01:55:14 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-16 01:55:00 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-16 01:55:00 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-05-16 01:54:59 3153920 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2013-05-19 14:43:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-19 14:43:15 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-24 18:34:34 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-04-24 18:34:29 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
    2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-22 21:12:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-22 21:12:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ============= FINISH: 12:27:12.01 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-06 12:32:24
    -----------------------------
    12:32:24.919 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:32:24.919 Number of processors: 2 586 0x2A07
    12:32:24.919 ComputerName: TAMS-PC UserName: Tams
    12:32:28.850 Initialize success
    12:33:04.846 AVAST engine defs: 13060600
    12:33:13.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:33:13.582 Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
    12:33:13.676 Disk 0 MBR read successfully
    12:33:13.676 Disk 0 MBR scan
    12:33:13.707 Disk 0 Windows VISTA default MBR code
    12:33:13.707 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    12:33:13.738 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
    12:33:13.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461717 MB offset 31145984
    12:33:13.816 Disk 0 scanning C:\Windows\system32\drivers
    12:33:26.421 Service scanning
    12:33:48.807 Modules scanning
    12:33:48.807 Disk 0 trace - called modules:
    12:33:48.838 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:33:48.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c06060]
    12:33:48.838 3 CLASSPNP.SYS[fffff880019a143f] -> nt!IofCallDriver -> [0xfffffa800467db40]
    12:33:48.838 5 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800473c060]
    12:33:57.184 AVAST engine scan C:\Windows
    12:33:59.883 AVAST engine scan C:\Windows\system32
    12:37:42.918 AVAST engine scan C:\Windows\system32\drivers
    12:37:55.601 AVAST engine scan C:\Users\Tams
    12:38:31.075 Disk 0 MBR has been saved successfully to "C:\Users\Tams\Desktop\MBR.dat"
    12:38:31.091 The log file has been saved successfully to "C:\Users\Tams\Desktop\aswMBR.txt"



    Yontoo.Pagerage: [SBI $7EA79EE0] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

    Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
    C:\end
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E
    Properties.filedate=1367170933
    Properties.filedatetext=2013-04-28 12:42:12
    Attached Files Attached Files

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi y_molina,

    Log is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Sep 2012
    Posts
    25

    Default

    Yes, I would like help. Thank you.

    Quote Originally Posted by shelf life View Post
    hi y_molina,

    Log is a few days old. If you still need help simply reply back.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok. To start we will get a download to use.

    Please download adwcleaner.exe to your desktop.
    Right click on AdwCleaner.exe and select "run as admin"
    Click on Search
    A log file .txt will automatically open after the scan has finished.
    Close the log file window.
    Back at the adwcleaner window, click on delete.
    Machine will reboot and at restart post a log.
    Please copy/paste that log in your reply.
    You can also find the logfiles at root drive C:\AdwCleaner[R1].txt[R2].txt etc
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Sep 2012
    Posts
    25

    Default Adwcleaner log

    # AdwCleaner v2.303 - Logfile created 06/15/2013 at 08:50:01
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tams - TAMS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tams\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
    Folder Deleted : C:\Program Files (x86)\FantastiGames
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\FantastiGames
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\Tams\AppData\LocalLow\incredibar.com
    Folder Deleted : C:\Users\Tams\AppData\Roaming\DealPly
    Folder Deleted : C:\Users\Tams\AppData\Roaming\dvdvideosoftiehelpers
    Folder Deleted : C:\Users\Tams\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
    Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4842 octets] - [15/06/2013 08:48:59]
    AdwCleaner[S2].txt - [4808 octets] - [15/06/2013 08:50:01]

    ########## EOF - C:\AdwCleaner[S2].txt - [4868 octets] ##########


    Quote Originally Posted by shelf life View Post
    ok. To start we will get a download to use.

    Please download adwcleaner.exe to your desktop.
    Right click on AdwCleaner.exe and select "run as admin"
    Click on Search
    A log file .txt will automatically open after the scan has finished.
    Close the log file window.
    Back at the adwcleaner window, click on delete.
    Machine will reboot and at restart post a log.
    Please copy/paste that log in your reply.
    You can also find the logfiles at root drive C:\AdwCleaner[R1].txt[R2].txt etc

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok good. Just for good measure we will get one more download that is very similar to Adwcleaner.


    Please download JRT.exe to your desktop
    Right click and select "run as admin"
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next reply
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Sep 2012
    Posts
    25

    Default JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Tams on Mon 06/17/2013 at 5:39:43.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Tams\appdata\local\torch"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{1E364CF2-2945-4DE8-9106-19F4DE817049}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{2A7B2FC7-AF8D-4782-A11D-9D02409F25C7}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{3E0B0BD4-A1CB-4E32-B563-5536918A3FB5}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{657641D8-ECAE-4C56-83CF-C0C9D89C9A44}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{6DC19094-1E00-446E-BAAE-CAC316ECF32C}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{6F16DF9D-50A5-4440-B893-659D358879C2}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{8D7E84CB-3B80-4B6F-B310-9B63C8432BEE}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{BE88C888-7C8B-4F7D-91D6-67D617146851}
    Successfully deleted: [Empty Folder] C:\Users\Tams\appdata\local\{D258F706-ACEC-4B59-9614-6E8BAB298E4E}



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Tams\appdata\local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/17/2013 at 5:42:35.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Quote Originally Posted by shelf life View Post
    ok good. Just for good measure we will get one more download that is very similar to Adwcleaner.


    Please download JRT.exe to your desktop
    Right click and select "run as admin"
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next reply

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok Good. Go ahead and try running Spybot now. Should be clean.
    How Can I Reduce My Risk?

  9. #9
    Junior Member
    Join Date
    Sep 2012
    Posts
    25

    Default

    Ok it seems all is well again. Anything else I need to do or know? I appreciate your time and help!

    Quote Originally Posted by shelf life View Post
    ok Good. Go ahead and try running Spybot now. Should be clean.

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok Your Welcome. You can delete the Adwcleaner and JRT icons from your desktop, as well as the logs. Also you can delete aswmbr. Note the free version of Malwarebytes must be updated manually and a scan started manually. Some tips for you.


    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.
    Check your browser for vulnerabilities.

    2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars or other "offers" if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits or a lack of habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects and Java Applets with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    Every MS remote code execution bulletin ends with this sentence: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

    8) Use Windows native firewall and get a inexpensive hardware router.

    9) Your browser risks: The why and how to secure your browser for safer surfing.

    10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


    More info/tips with pictures, link below

    Happy Safe Surfing.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •