Possibly downloaded something bad

19 replies to this topic

#1 OuroborosDOTA (Members, 12 posts)

Posted 09 December 2014 - 12:30 PM

Hi. So about two days ago a bot on Steam added me and sent me a link. I knew it was a scam, but I wanted to know if I could scan the link or something, so I right-clicked it and that activated the download. It downloaded a .scr file camouflaged as a screenshot. I did not open it; I immediately deleted it and scanned my computer with Avira and Malwarebytes Anti-Malware. Malwarebytes didn't find anything (threat scan), but this is Avira's event log from the first detection to the last:

 

Exported events:
 
9.12.2014 19:23 [Real-Time Protection] Registry blocked
      In accordance with security guidelines, the Administrator has blocked access to 
      the registry.
 
9.12.2014 15:43 [Updater] Update successfully carried out
      Update of Avira Free Antivirus on computer TAAVI-PC (192.168.1.8) successful.
      The following files were updated by "http://62.44.200.170/update":
      aevdf.dat 8.11.193.190
      xbv00080.vdf 8.11.193.180
      xbv00081.vdf 8.11.193.184
      xbv00082.vdf 8.11.193.188
      xbv00083.vdf 8.11.193.190
      local000.vdf
 
9.12.2014 15:43 [Scheduler] Job started
      The job "Automatic update"
      was started successfully.
 
9.12.2014 15:38 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
9.12.2014 15:38 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.176
 
9.12.2014 15:38 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
9.12.2014 4:40 [Real-Time Protection] Service stopped
      The service was stopped.
 
9.12.2014 4:40 [Scheduler] Service stopped
      The service was stopped.
 
9.12.2014 1:36 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
9.12.2014 1:36 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.176
 
9.12.2014 1:35 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
9.12.2014 1:13 [Updater] Update successfully carried out
      Update of Avira Free Antivirus on computer TAAVI-PC (192.168.1.8) successful.
      The following files were updated by "http://62.44.200.168/update":
      aevdf.dat 8.11.193.176
      xbv00070.vdf 8.11.193.118
      xbv00071.vdf 8.11.193.138
      xbv00072.vdf 8.11.193.158
      xbv00073.vdf 8.11.193.160
      xbv00074.vdf 8.11.193.162
      xbv00075.vdf 8.11.193.168
      xbv00076.vdf 8.11.193.170
      xbv00077.vdf 8.11.193.172
      xbv00078.vdf 8.11.193.174
      xbv00079.vdf 8.11.193.176
      local001.vdf
 
9.12.2014 1:12 [Scheduler] Job started
      The job "Automatic update"
      was started successfully.
 
 
9.12.2014 1:03 [Real-Time Protection] Host file blocked
      In accordance with security guidelines, the Administrator has blocked access to 
      the Hosts file.
 
8.12.2014 23:31 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 3175
       Number of directories: 0
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 23:28 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 23:28 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.98
 
8.12.2014 23:27 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 23:26 [Real-Time Protection] Service stopped
      The service was stopped.
 
8.12.2014 23:26 [Scheduler] Service stopped
      The service was stopped.
 
8.12.2014 23:24 [Real-Time Protection] Real-Time Protection disabled
      Real-Time Protection was disabled.
 
8.12.2014 23:21 [System Scanner] Malware found
      The file 'C:\Users\Taavi\AppData\Local\Google\Chrome\User 
      Data\Default\Cache\f_00017a'
      contained a virus or unwanted program 'ADWARE/MultiPlug.Gen7' [adware]
      Action(s) taken:
      The file was moved to the quarantine directory under the name '5167b818.qua'!
 
8.12.2014 23:21 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1120
       Number of directories: 0
       Number of malware: 1
       Number of warnings: 0
 
8.12.2014 23:20 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1124
       Number of directories: 0
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 23:19 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Temp\4ACB.tmp.
      Action performed: Transfer to Scanner
 
8.12.2014 23:19 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Google\Chrome\User 
      Data\Default\Cache\f_00017a.
      Action performed: Transfer to Scanner
 
8.12.2014 23:19 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Temp\4ACB.tmp.
      Action performed: Deny access
 
8.12.2014 23:18 [System Scanner] Malware found
      The file 'C:\Users\Taavi\AppData\Local\Google\Chrome\User 
      Data\Default\Cache\f_000157'
      contained a virus or unwanted program 'ADWARE/MultiPlug.Gen7' [adware]
      Action(s) taken:
      The file was deleted.
 
8.12.2014 23:18 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1124
       Number of directories: 0
       Number of malware: 1
       Number of warnings: 0
 
8.12.2014 23:18 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1128
       Number of directories: 0
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 23:17 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Google\Chrome\User 
      Data\Default\Cache\f_000157.
      Action performed: Transfer to Scanner
 
8.12.2014 23:17 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Temp\C54B.tmp.
      Action performed: Transfer to Scanner
 
8.12.2014 23:17 [Real-Time Protection] Malware found
      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'
      detected in file 'C:\Users\Taavi\AppData\Local\Temp\C54B.tmp.
      Action performed: Deny access
 
8.12.2014 22:39 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 22:39 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.98
 
8.12.2014 22:38 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 21:53 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 21:53 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.98
 
8.12.2014 21:53 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 19:41 [System Scanner] Scan
      Scan completed [The scan has been canceled!].
       Number of files: 184190
       Number of directories: 1340
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 19:13 [Updater] Update successfully carried out
      Update of Avira Free Antivirus on computer TAAVI-PC (192.168.1.8) successful.
      The following files were updated by "http://62.44.200.168/update":
      aevdf.dat
      xbv00068.vdf
      xbv00069.vdf
      local000.vdf
 
8.12.2014 19:13 [Scheduler] Job started
      The job "Complete system scan"
      was started successfully.
 
8.12.2014 19:12 [Scheduler] Job started
      The job "Automatic update"
      was started successfully.
 
8.12.2014 19:08 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 19:08 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.76
 
8.12.2014 19:07 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 6:25 [Scheduler] Service stopped
      The service was stopped.
 
8.12.2014 6:25 [Real-Time Protection] Service stopped
      The service was stopped.
 
8.12.2014 6:25 [System Scanner] Scan
      Scan completed [The scan has been canceled!].
       Number of files: 627558
       Number of directories: 18083
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 5:43 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 3191
       Number of directories: 0
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 5:39 [System Scanner] Malware found
      The file 
      'C:\Windows\System32\DriverStore\FileRepository\rzvmouse.inf_amd64_neutral_cb6dc
      873859c2bfb\WdfCoInstaller01009.dll'
      contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
      Action(s) taken:
      A backup was created as '513bb0da.qua'  ( QUARANTINE ).
      The file was deleted.
 
8.12.2014 5:39 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1395540
       Number of directories: 42800
       Number of malware: 2
       Number of warnings: 1
 
8.12.2014 3:20 [Scheduler] Job started
      The job "Complete system scan"
      was started successfully.
 
8.12.2014 3:20 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 3125
       Number of directories: 0
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 2:57 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 2:57 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.76
 
8.12.2014 2:57 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 2:56 [Real-Time Protection] Service stopped
      The service was stopped.
 
8.12.2014 2:56 [Scheduler] Service stopped
      The service was stopped.
 
8.12.2014 2:36 [Real-Time Protection] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine:
      Version of VDF:
 
8.12.2014 2:36 [Helper Service] Service started
      Service started.
      Version of service: 14.0.7.310
      Version of Engine: 8.3.26.32
      Version of VDF: 8.11.193.76
 
8.12.2014 2:35 [Scheduler] Service started
      The service was started.
       Version of service 14.0.7.310
 
8.12.2014 2:32 [Real-Time Protection] Service stopped
      The service was stopped.
 
8.12.2014 2:32 [Scheduler] Service stopped
      The service was stopped.
 
8.12.2014 2:29 [System Scanner] Scan
      Scan completed [The scan has been done completely.].
       Number of files: 1397024
       Number of directories: 42752
       Number of malware: 0
       Number of warnings: 0
 
8.12.2014 1:31 [Updater] Update successfully carried out
      Update on computer TAAVI-PC (192.168.1.8) by "http://62.44.200.168/update" was 
      executed successfully.
      No new engine/VDF files available.
 
8.12.2014 1:31 [Scheduler] Job started
      The job "Automatic update"
      was started successfully.
 
8.12.2014 1:26 [Real-Time Protection] Registry blocked
      In accordance with security guidelines, the Administrator has blocked access to 
      the registry.
 
 
 
 
I have not noticed anything weird in my computer's performance or anything, but I want to be sure that my computer is safe. I'm running Windows 7. Thanks in advance.
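The Avira export above is the only evidence in this thread, and reading it by hand is error-prone: the exporter word-wraps long file paths over several lines (keeping the space it wrapped at, or splitting mid-word when there is none), and its real-time records close the path with a bare period instead of a quote. The parser below is an added example, not Avira's or BleepingComputer's code. It rebuilds the wrapped paths, orders the records chronologically, lists files that were only denied or handed to the scanner with no quarantine or delete recorded, and flags when real-time protection was switched off. The sample records are copied from the log above; the function names (parse_events, unresolved_detections, protection_gaps) are this example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Records copied from the thread's Avira log (newest first, as exported). Built from a
# list because the trailing space on a word-wrapped line is significant.
SAMPLE_LOG = "\n".join([
    "8.12.2014 23:24 [Real-Time Protection] Real-Time Protection disabled",
    "      Real-Time Protection was disabled.",
    "8.12.2014 23:21 [System Scanner] Malware found",
    "      The file 'C:\\Users\\Taavi\\AppData\\Local\\Google\\Chrome\\User ",
    "      Data\\Default\\Cache\\f_00017a'",
    "      contained a virus or unwanted program 'ADWARE/MultiPlug.Gen7' [adware]",
    "      Action(s) taken:",
    "      The file was moved to the quarantine directory under the name '5167b818.qua'!",
    "8.12.2014 23:19 [Real-Time Protection] Malware found",
    "      Virus or unwanted program 'ADWARE/MultiPlug.Gen7 [adware]'",
    "      detected in file 'C:\\Users\\Taavi\\AppData\\Local\\Temp\\4ACB.tmp.",
    "      Action performed: Deny access",
    "8.12.2014 5:39 [System Scanner] Malware found",
    "      The file ",
    "      'C:\\Windows\\System32\\DriverStore\\FileRepository\\rzvmouse.inf_amd64_neutral_cb6dc",
    "      873859c2bfb\\WdfCoInstaller01009.dll'",
    "      contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]",
    "      Action(s) taken:",
    "      A backup was created as '513bb0da.qua'  ( QUARANTINE ).",
    "      The file was deleted.",
])

HEADER = re.compile(r"^(\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}) \[([^\]]+)\] (.+)$")
THREAT = re.compile(r"unwanted program '([^'\s]+)")  # detection name inside the quote
PATH_OPEN = re.compile(r"'([A-Za-z]:\\.*)$")         # opening quote of a Windows path


@dataclass
class Event:
    when: datetime
    title: str
    path: Optional[str] = None
    threat: Optional[str] = None
    action: str = ""


def _records(text: str):
    # Yield (header match, indented body lines) for each record in the export.
    header, body = None, []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if header:
                yield header, body
            header, body = m, []
        elif raw.strip() and header:
            body.append(raw.lstrip())  # keep trailing whitespace: it marks a wrap
    if header:
        yield header, body


def _extract_path(body: List[str]) -> Optional[str]:
    # Rebuild a quoted path split over lines. Scanner records close the quote with ',
    # real-time records end with a bare '.', so either character terminates the path.
    path = None
    for line in body:
        if path is None:
            m = PATH_OPEN.search(line)
            if not m:
                continue
            path = m.group(1)
        else:
            path += line
        if path.endswith("'") or path.endswith("."):
            return path[:-1]
    return path


def _extract_action(body: List[str]) -> str:
    # Scanner records list actions after "Action(s) taken:"; real-time ones use one line.
    if "Action(s) taken:" in body:
        return "; ".join(body[body.index("Action(s) taken:") + 1:])
    return next((ln.split(":", 1)[1].strip() for ln in body if ln.startswith("Action performed:")), "")


def parse_events(text: str) -> List[Event]:
    events = []
    for header, body in _records(text):
        ev = Event(datetime.strptime(header.group(1), "%d.%m.%Y %H:%M"), header.group(3))
        if ev.title == "Malware found":
            t = THREAT.search(" ".join(body))
            ev.threat = t.group(1) if t else None
            ev.path, ev.action = _extract_path(body), _extract_action(body)
        events.append(ev)
    return sorted(events, key=lambda e: e.when)  # chronological order for triage


def unresolved_detections(events: List[Event]) -> List[str]:
    # Files only blocked or handed to the scanner, with no quarantine/delete recorded.
    done = {}
    for ev in events:
        if ev.title == "Malware found" and ev.path:
            ok = any(w in ev.action.lower() for w in ("quarantine", "deleted"))
            done[ev.path] = done.get(ev.path, False) or ok
    return sorted(p for p, ok in done.items() if not ok)


def protection_gaps(events: List[Event]) -> List[datetime]:
    # Times at which real-time protection was switched off; nothing is watched until restart.
    return [ev.when for ev in events if ev.title == "Real-Time Protection disabled"]
```

Run against the full export above, the same code reports the two Temp files (4ACB.tmp and C54B.tmp) as unresolved, since only the Chrome cache files and the driver DLL have a scanner record ending in quarantine or delete, and it lists the 23:24 entry as a window with real-time protection off.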

#2 Guest_LighthouseParty_* (Guest)

Posted 09 December 2014 - 12:45 PM

Hello there
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
Step One:
Download and run Mini Tool Box

  • Click here to download MiniToolBox to your desktop.
  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
Step Two:
Install and run Malwarebytes Anti-Malware

  • Click here to download Malwarebytes to your desktop.
  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step Three:
Download and run Security Check

  • Click here to download Security Check to your desktop.
  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Thanks and good luck!



#3 OuroborosDOTA (Topic Starter, Members, 12 posts)

Posted 09 December 2014 - 01:27 PM

MiniToolBox log:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Taavi (administrator) on 09-12-2014 at 20:04:47
Running from "D:\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.5.0.0 - Electronic Arts)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DNA Mokkula MF60 (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - ????? ?? R.G. Steamgames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HWiNFO64 Version 4.08 (HKLM\...\HWiNFO64_is1) (Version: 4.08 - Martin Malík - REALiX)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version:  - )
Mozilla Firefox 32.0.3 (x86 fi) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 fi)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSI Afterburner 2.3.0 (HKLM-x32\...\Afterburner) (Version: 2.3.0 - MSI Co., LTD)
MSI Kombustor 2.4.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OnTopReplica (HKCU\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
OpenOffice 4.0.1 (HKLM-x32\...\{955C3F64-C693-41E6-B9D5-A505A5C41B52}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - )
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TI-Nspire™ Computer Link (HKLM-x32\...\{C0B7C804-B89F-47F7-91CC-21ACDC7D7AAC}) (Version: 3.2.0.124 - Texas Instruments Inc.)
TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)
Torchlight II © Runic Games version 1 (HKLM-x32\...\Torchlight II © Runic Games_is1) (Version: 1 - )
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version:  - Ubisoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{E786AE85-8A30-4CF2-BF70-57404A5CD684}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
========================= Restore Points ==================================
 
08-12-2014 21:25:52 Windows Update
 
**** End of log ****
 
 
 
Malwarebytes Anti-Malware log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9.12.2014
Scan Time: 20:03:17
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.09.06
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Taavi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322173
Time Elapsed: 16 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Security check:

 

 Results of screen317's Security Check version 0.99.91  
 Windows 7  x64 (UAC is enabled)   
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 15.0.0.239  
 Mozilla Firefox 32.0.3 Firefox out of Date!
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
#4 Guest_LighthouseParty_* (Guest)

Posted 09 December 2014 - 02:01 PM

Hello there,

Step One:
Uninstall Some Programs 
 
There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R key on your keyboard, type in appwiz.cpl and press Enter. Navigate to each of the following below one by one and click Uninstall:

  • Java 7 Update 21
  • Java 7 Update 51

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and, once you've opened it, select 'remove JRE'. Make sure you skip the re-install Java option! Mozilla Firefox currently needs updating; click here for instructions on how to do so.

Step Two:
Download and run rKill

  • Click here to download rKill to your desktop.
  • Double click it (Win 7 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step Three:
Download and run AdwCleaner

  • Click here to download AdwCleaner to your desktop.
  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step Four:
Download and run Junkware Removal Tool

  • Click here to download Junkware Removal Tool to your desktop.
  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.


#5 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 09 December 2014 - 03:01 PM

I uninstalled both programs and updated Mozilla.
 
 
Rkill log:
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/09/2014 09:27:12 PM in x64 mode.
Windows Version: Windows 7 Ultimate 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\user32.dll : 1 008 640 : 12/08/2014 11:26 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833 024 : 12/08/2014 11:26 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1 008 640 : 07/14/2009 03:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833 024 : 07/14/2009 03:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
Program finished at: 12/09/2014 09:27:28 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 
 
 
AdwCleaner log:
 
# AdwCleaner v4.105 - Report created 09/12/2014 at 21:36:31
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Taavi - TAAVI-PC
# Running from : D:\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Mozilla Firefox v33.1.1 (x86 fi)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[S1].txt - [884 octets] - [09/12/2014 21:36:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [943 octets] ##########
 
 
 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Taavi on ti 09.12.2014 at 21:42:10,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ti 09.12.2014 at 21:47:20,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Guest_LighthouseParty_*
  • Guests

Posted 09 December 2014 - 03:06 PM

How is the PC now?



#7 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 09 December 2014 - 03:39 PM

Still haven't noticed anything weird and everything is working fine. 



#8 Guest_LighthouseParty_*
  • Guests

Posted 09 December 2014 - 03:41 PM

In the rKill log, there was a slight problem with the hosts file; we can easily fix it.

  1. Click here to download Hosts-perm.bat to your desktop.
  2. Double-click the hosts-perm.bat file and when it is done you will see a message stating "The Permissions on the HOSTS file have been reset.".
  3. Press any key on your keyboard to exit the batch file.
  4. You should now be able to modify or delete the HOSTS file.

Edited by LighthouseParty, 09 December 2014 - 03:42 PM.
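A read-only check of the two items the rKill log earlier in this thread flagged, the Windows Defender DisableAntiSpyware value and the state and contents of the HOSTS file, written here as an added PowerShell example; it is not part of this thread, rKill or Hosts-perm.bat. The registry key and the HOSTS path are the ones shown in the rKill output; the "default entries" filter is an assumption (only localhost lines are treated as default).

```powershell
# Added example: verify the two findings rKill reported, without changing anything.
# Run from an elevated PowerShell prompt so the ACL and the registry key are readable.

$defenderKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'   # key shown in the rKill log
$hostsPath   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Defender disabled via the registry? DisableAntiSpyware = 1 is what rKill reported.
$disabled = (Get-ItemProperty -Path $defenderKey -Name 'DisableAntiSpyware' `
             -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($disabled -eq 1) {
    Write-Warning "DisableAntiSpyware = 1 under $defenderKey (Windows Defender is disabled)"
} else {
    Write-Host "DisableAntiSpyware is not set to 1"
}

# 2. HOSTS file: does it exist, who owns it, and are there Deny ACEs or odd attributes?
#    "Access is denied" from Hosts-perm.bat usually traces back to one of these.
if (-not (Test-Path $hostsPath)) {
    Write-Warning "HOSTS file missing at $hostsPath"
} else {
    $item = Get-Item $hostsPath -Force
    Write-Host "Attributes: $($item.Attributes)"          # ReadOnly / Hidden are worth noting
    $acl = Get-Acl $hostsPath
    Write-Host "Owner: $($acl.Owner)"
    $acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    $denies = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    if ($denies) { Write-Warning "Deny entries present on the HOSTS file ACL" }

    # 3. Active (non-comment) entries other than the localhost lines. A redirect of an
    #    update or security vendor's hostname here would explain a "blocked" update server.
    $entries = Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }
    $suspect = $entries | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
    if ($suspect) {
        Write-Warning "Non-default HOSTS entries found:"
        $suspect | ForEach-Object { Write-Host "  $_" }
    } else {
        Write-Host "No non-default HOSTS entries"
    }
}
```

If Avira's real-time protection is active it may still report the read as a blocked HOSTS access, as it did in this thread; the script itself never writes to the file.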


#9 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 09 December 2014 - 03:52 PM

When I do that, Avira does this:

 

9.12.2014 22:51 [Real-Time Protection] Host file blocked
      In accordance with security guidelines, the Administrator has blocked access to 
      the Hosts file.
 
 
Is it normal?


#10 Guest_LighthouseParty_*
  • Guests

Posted 09 December 2014 - 04:01 PM

Temporarily disable Avira while running what I asked above :)



#11 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 09 December 2014 - 04:19 PM

This is the message it gives me:
 
 
Are you sure (Y/N)?Access is denied.
Path not found - C:\Windows\system32\drivers\etc
The Permissions on the HOSTS file have been reset.
Press any key to continue . . .
 
 
Is that how it should be if it works correctly?


#12 Guest_LighthouseParty_*
  • Guests

Posted 09 December 2014 - 04:33 PM

Try to run the automatic FixIT listed on http://support.microsoft.com/kb/972034.

 

Let me know the results :)



#13 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 09 December 2014 - 05:48 PM

Avira gives the same message it gave before.



#14 Guest_LighthouseParty_*
  • Guests

Posted 10 December 2014 - 01:36 AM

Did you disable Avira?



#15 OuroborosDOTA
  • Topic Starter
  • Members
  • 12 posts

Posted 10 December 2014 - 09:49 PM

I ran the FixIT twice, the second time with Avira disabled. How do I know if it worked?
