Possible infection through a job ad - advice welcome

scamander

Location
Brighton
Hi all,

Firstly - I don't quite believe I've just done what I have so a dunce cap is being placed upon my head as I type.

I got back from a run last night to see a reply to a job I'd applied for on gumtree. Really I should have sussed something but a combination of fatigue, dunce-ness and desperation meant the email which asked me to download an application form via winzip was obliged.

What was unzipped wasn't even a MSWord document or icon, but a programme icon. The extraction process never seemed to happen as the pop-up with the % bar never started up (just appeared for a bit and then disappeared).

Anyway - sense soon returned and alongside it a howling panic. I googled the scam and it's a common one. I also re-started in safe mode and ran a Malwarebytes full scan and the same with Avast. Avast only picked up "Java:Agent-AIB[Expl]".

Now - two questions. Firstly do you think the virus downloaded properly? The pop-up icon never indicated a full unzip. Secondly, if so could this be it? I'm paranoid that it's on my PC and undetectable.

Advice and help welcome as ever.
 

My Computer My Computer

At a glance

Windows 7 Home Premium 64 bitAMD FX-8320 3.50GHz (4.00GHz Turbo) Socket AM...16GB Corsair (2x8192) 1333MHz DDR3 Dual-Chann...Radeon HD 7850 1024MB GDDR5 PCI-Express
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Gladiator X8320-HD Piledriver Eight-Core
OS
Windows 7 Home Premium 64 bit
CPU
AMD FX-8320 3.50GHz (4.00GHz Turbo) Socket AM3+ 8-Core Proce
Motherboard
GIGABYTE GA-78LMT-USB3 AMD 760G (Socket AM3+) Micro-ATX Mot
Memory
16GB Corsair (2x8192) 1333MHz DDR3 Dual-Channel Memory (32GB
Graphics Card(s)
Radeon HD 7850 1024MB GDDR5 PCI-Express
Monitor(s) Displays
AOC 936swa
Hard Drives
2TB (7200rpm) SATA 3GB/s (SATA II) Hard Drive
seagate ST2000DMOO1-9YN164
PSU
600W Corsair Builder Series 600CX 80PLUS Bronze Power Supply
Hi,

Is the download still on your PC? If so, I recommend uploading here for an online scan if the file is smaller than 20MB in size:

Jotti's malware scan

If not, then please run an online scan using ESET ONLINE SCANNER and post back the results:

ESET Online Scanner

Regards,
Golden
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Do a system restore to a point before you opened the attachment... ;)
 

My Computer My Computer

At a glance

64-bit Windows 8.1 ProCore(TM) i5 CPU 4330 Haswell @ 3.20GHz12.00 GBIntel(R) HD Graphics
Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
Golden,

thanks for that - I'm running the scan at the moment. I also have the email - it contains hyperlinks through which you download a winzip file.

Being an amateur I'm unsure how I can upload this to you? Should I download, save (but not extract) and email it? Or how else can I upload it to you?

thanks again
 

Kills that last order - ran it through Jotti and it reported varying trojan 'bankers'... unfortunately I think I opened it and uploaded it again (a dunce cap for a dunce cap?). Something has been picked up on the scan you advised so I'm hoping it's this.
 

Hi,

OK. Complete the ESET scan, and then post the exact name of the threats it identifies here. Depending on what they are, you may need to do a System Restore as Tews suggested, or in the worst case a format and reinstallation of your system - it all depends on the severity of the malware.

We can help you through the restore or install if necessary - this forum has many experts more than capable of getting you back up and running in a short time.

Regards,
Golden
 

Throwing my 2 cents in (or is it 2 pence?) there's another free product from Comodo called Cleaning Essentials that's getting some pretty good reviews as a malware detecting/removing program. I run full Malwarebytes scans regularly and always get clean results. First time I ran CCE it detected 5 suspicious files not flagged by any other scanner I use. Might be worth a try. Latest version is 2.3 just in case an earlier version is downloaded.

Comodo Cleaning Essentials
 

My Computer My Computer

At a glance

Win 7 Pro 64-bitIntel i5 2.4 Ghz8GB DDR3Intel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
cheers Golden - I didn't note the name, as I remember it was something along the lines of win32/installCore and win32/registrybooster. It said they were variations of.

Going to run it again, also will run the Comodo (cheers Marsimar). Assuming that nothing comes up on either (and that the safe mode Avast and Malwarebytes scans were clean), I should be ok?
 

Just ran the Comodo Cleaning Essentials and nothing came up. Just got the second ESET scan to do later.

thanks again.
 

Hi,

According to Wilders, InstallCore appears to be relatively innocuous. RegistryBooster seems to be a PUA (potentially unwanted application)... think spam. I would still run the ESET scan to completion, and to be extra vigilant, I will ask our trained MVP malware fighters Corinne or Jacee to look at this thread.

Regards,
Golden

EDIT : I have asked Jacee or Corinne to look at this for you when they can.
 

Hi, scamander.

If this is indeed a banker trojan, you need to go to a known clean computer and change your passwords for any online banking/credit card sites as well as your e-mail account and any other sensitive accounts. A banker trojan is a backdoor virus that allows hackers to connect remotely to your computer, providing the ability to send emails from your account, download other malicious programs and get access to your files. Your private and sensitive information is put at risk and you may become the victim of identity theft.

Without further information, there is no way of confirming if anything was actually installed.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Wow - really appreciate the help. Firstly the ESET online scan. This found:
java/Agent.DW Trojan
java/Agent.DU Trojan
java/Agent.DW Trojan
java/Agent.DW Trojan
a variation of MSIL/Spy.Banker.O.trojan

I'll post the DDS logs in a mo
 

First DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Neil at 17:19:00 on 2012-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2556 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5AE13318-8F62-44EF-86FC-BF3678587073} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\d5j14vrp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPCentraUpdater.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-3 44768]
R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-6-7 301720]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-11 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-11 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys --> C:\Windows\system32\DRIVERS\s1018bus.sys [?]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys --> C:\Windows\system32\DRIVERS\s1018mdfl.sys [?]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys --> C:\Windows\system32\DRIVERS\s1018mdm.sys [?]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys --> C:\Windows\system32\DRIVERS\s1018mgmt.sys [?]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys --> C:\Windows\system32\DRIVERS\s1018nd5.sys [?]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys --> C:\Windows\system32\DRIVERS\s1018obex.sys [?]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys --> C:\Windows\system32\DRIVERS\s1018unic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-25 13:33:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8A1201A-0B85-4E5E-83E4-1569E9B04774}\offreg.dll
2012-01-25 10:00:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-24 07:40:38 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8A1201A-0B85-4E5E-83E4-1569E9B04774}\mpengine.dll
2012-01-20 12:23:52 -------- d-----w- C:\Program Files\iPod
2012-01-20 12:23:51 -------- d-----w- C:\Program Files\iTunes
2012-01-20 12:23:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-11 22:33:06 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-11 22:33:06 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-11 22:33:06 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 22:33:06 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 07:42:12 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 07:42:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 07:42:11 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 07:42:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 07:42:08 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 07:42:08 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 07:42:07 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 07:42:07 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-06 21:33:24 -------- d-----w- C:\Program Files (x86)\Steam
2012-01-05 19:01:50 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-05 19:01:39 -------- d--h--w- C:\Windows\msdownld.tmp
2012-01-05 19:01:35 -------- d-----w- C:\Windows\SysWow64\directx
2012-01-03 18:05:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-03 17:50:59 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-01-03 17:50:59 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-01-03 17:50:58 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2012-01-03 17:50:58 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-01-03 17:50:57 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2012-01-03 17:50:57 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-01-03 17:50:57 513544 ----a-w- C:\Windows\System32\XAudio2_2.dll
2012-01-03 17:50:57 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-01-03 17:50:56 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2012-01-03 17:50:56 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll
2012-01-03 17:39:12 -------- d-----w- C:\Users\Neil\AppData\Roaming\My Games
2012-01-03 17:34:55 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-03 17:34:53 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-03 17:34:43 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-03 17:34:34 -------- d-----w- C:\ProgramData\AVAST Software
2012-01-03 17:34:34 -------- d-----w- C:\Program Files\AVAST Software
2012-01-03 17:28:31 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-01 17:46:19 -------- d-----w- C:\Users\Neil\AppData\Local\My Games
2012-01-01 17:33:25 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-01-01 17:33:24 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-01 17:33:24 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-01 17:33:24 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-01 17:33:23 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-01 17:33:20 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-01 17:33:18 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
.
==================== Find3M ====================
.
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-06 08:58:33 0 ----a-w- C:\Windows\ativpsrm.bin
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-16 15:13:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 14:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:22:17.17 ===============
 

and the second log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/06/2011 18:10:47
System Uptime: 25/01/2012 13:21:04 (4 hours ago)
.
Motherboard: FOXCONN | | A7VMX-K
Processor: AMD Phenom(tm) 8600 Triple-Core Processor | Socket 940 | 1150/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 123.038 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP148: 10/01/2012 08:12:11 - Windows Update
RP149: 11/01/2012 22:42:40 - Windows Update
RP150: 15/01/2012 14:43:51 - Windows Update
RP151: 18/01/2012 09:25:09 - Windows Update
RP152: 19/01/2012 08:42:19 - Windows Update
RP153: 24/01/2012 07:39:46 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
Belarc Advisor 8.2
Blood Bowl Legendary Edition version 2.0.1.2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
CCC Help English
Centra Client
Championship Manager 01-02
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Downloader
Driver Detective
Driver Sweeper version 3.2.0
ESET Online Scanner v3
Flickr Uploadr 3.2.1
Geeks3D.com FurMark 1.9.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Logitech SetPoint
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.0.1800
Master of Olympus - Zeus
Media Go
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Mozilla Firefox 9.0.1 (x86 en-GB)
Picasa 3
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Sid Meier's Civilization 4
Sid Meier's Civilization V
Smilebox
Sony Ericsson PC Companion 1.60.13
Sony Ericsson PC Suite 6.011.00
Spotify
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
25/01/2012 13:16:10, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
25/01/2012 11:41:34, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
25/01/2012 11:41:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25/01/2012 11:41:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25/01/2012 11:41:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/01/2012 11:41:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/01/2012 11:41:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
25/01/2012 08:36:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
25/01/2012 08:36:32, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
24/01/2012 22:14:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
24/01/2012 22:14:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
24/01/2012 22:14:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/01/2012 22:14:23, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
22/01/2012 08:20:05, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/01/2012 09:19:39, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:39, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:39, Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:39, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:39, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:39, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
18/01/2012 09:19:39, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
18/01/2012 09:19:39, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.
18/01/2012 09:19:39, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
18/01/2012 09:19:39, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
18/01/2012 09:19:39, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
18/01/2012 09:19:38, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:38, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:38, Error: Service Control Manager [7038] - The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:19:38, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not start due to a logon failure.
18/01/2012 09:19:36, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
18/01/2012 09:14:15, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
18/01/2012 09:14:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
18/01/2012 09:14:15, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
.
==== End Of File ===========================
 

Did ESET quarantine and delete these?
java/Agent.DW Trojan
java/Agent.DU Trojan
java/Agent.DW Trojan
java/Agent.DW Trojan

Please download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Next, flush the bad DNS cache:

Right-click on Command Prompt and run as Administrator, then copy and paste
ipconfig /flushdns, then press 'enter'

Do as Corrine said and change all your passwords using another (known 'clean') computer.

Re-scan with ESET
  • When the scan completes, push the List Threats button.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
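The sweep Jacee describes above (the temp locations TFC clears for every profile, the stray .tmp files in the system roots, then the DNS flush), written out as an added PowerShell example. This is not TFC's code and was not posted in the thread; it reports what it finds and only deletes when run with -Clean. The per-browser cache paths (IE, Java deployment cache, Firefox, Chrome) are my assumptions about a Windows 7 profile layout, and the script name Temp-Report.ps1 is hypothetical.

```powershell
<#
  Added example, not TFC's code: list the temp locations the post names
  (per-profile temp, IE, Java, Firefox and Chrome caches, \Windows\Temp,
  loose *.tmp files in the system roots) and delete them only with -Clean.
  Browser cache paths are assumptions about a Windows 7 profile layout.
  Usage, from an elevated PowerShell:
    powershell -ExecutionPolicy Bypass -File .\Temp-Report.ps1          # report only
    powershell -ExecutionPolicy Bypass -File .\Temp-Report.ps1 -Clean   # delete, then flush DNS
#>
param([switch]$Clean)

# Refuse to run unelevated: the service profiles and \Windows\Temp need admin rights.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run from an elevated PowerShell (right-click, Run as Administrator).'
}

$sysRoot  = $env:SystemRoot    # C:\Windows
$sysDrive = $env:SystemDrive   # C:

# Every profile under \Users plus LocalService and NetworkService, which
# Vista/7 keep under \Windows\ServiceProfiles.
$profiles = @(Get-ChildItem -Path (Join-Path $sysDrive 'Users') -Force -ErrorAction SilentlyContinue |
              Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName })
$profiles += Join-Path $sysRoot 'ServiceProfiles\LocalService'
$profiles += Join-Path $sysRoot 'ServiceProfiles\NetworkService'

# Cache folders relative to a profile (assumed layouts; wildcards cover per-profile subfolders).
$relative = @(
    'AppData\Local\Temp',
    'AppData\Local\Microsoft\Windows\Temporary Internet Files',
    'AppData\LocalLow\Sun\Java\Deployment\cache',
    'AppData\Local\Mozilla\Firefox\Profiles\*\Cache',
    'AppData\Local\Google\Chrome\User Data\*\Cache'
)

# Folders whose contents are swept, and roots checked (not recursed) for loose *.tmp files.
$folders = @(Join-Path $sysRoot 'Temp')
foreach ($p in $profiles) {
    foreach ($r in $relative) {
        $folders += @(Resolve-Path -Path (Join-Path $p $r) -ErrorAction SilentlyContinue |
                      ForEach-Object { $_.ProviderPath })
    }
}
$tmpRoots = @("$sysDrive\", $sysRoot, (Join-Path $sysRoot 'System32'), (Join-Path $sysRoot 'SysWOW64'))

# One report row per location: file count and size in MB, like TFC's per-location output.
function New-Row([string]$Location, $Files) {
    $list  = @($Files)
    $bytes = 0
    if ($list.Count -gt 0) { $bytes = ($list | Measure-Object -Property Length -Sum).Sum }
    New-Object PSObject -Property @{ Location = $Location; Files = $list.Count; MB = [math]::Round($bytes / 1MB, 2) }
}

$report = @()
foreach ($f in $folders) {
    $files = @(Get-ChildItem -LiteralPath $f -Recurse -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })
    $report += New-Row $f $files
}
foreach ($r in $tmpRoots) {
    $files = @(Get-ChildItem -Path $r -Filter '*.tmp' -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })
    $report += New-Row "$r (*.tmp only)" $files
}
$report | Format-Table Location, Files, MB -AutoSize | Out-Host
Write-Host ('Total: {0} MB' -f [math]::Round(($report | Measure-Object -Property MB -Sum).Sum, 2))

if (-not $Clean) {
    Write-Host 'Report only. Re-run with -Clean to delete. Files held open by a running program are skipped, so reboot afterwards.'
    return
}
# Sweep folder contents (the folders themselves stay) and the loose *.tmp files.
foreach ($f in $folders) {
    Get-ChildItem -LiteralPath $f -Force -ErrorAction SilentlyContinue |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
}
foreach ($r in $tmpRoots) {
    Get-ChildItem -Path $r -Filter '*.tmp' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | Remove-Item -Force -ErrorAction SilentlyContinue
}
ipconfig /flushdns | Out-Null    # the post's next step: drop any stale or poisoned resolver entries
Write-Host 'Done. Reboot to release anything that was locked.'
```

Run it once without -Clean and read the report before deleting anything; anything a running program holds open (the IE index, a browser's cache) is skipped silently, which is why the post tells you to reboot afterwards. TFC stops Explorer and other programs first; this script does not, so close your browser before using -Clean. The Java deployment cache is on the list because it is one of the places TFC clears ("java" in the post), not because the thread says the detections lived there.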
Many thanks Jacee - ESET deleted the trojans by the way. Will get on with your suggestions and will report back.
 

:cool:
 

just finished the ESET scanning - nothing found this time round. I'm clean!
 

Thanks for jumping in while I was away, Jacee!

scamander, it would still be a wise precaution to change your online passwords. Be sure to use a different password for each site.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate