Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Maybe virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Maybe virus

Unread postby vanchom » September 19th, 2012, 9:28 am

Was away fore few days, computer used by family, i dont trust them, if they got me a virus i go angry.
Please check if the infected the computer.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by user at 15:14:42 on 2012-09-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.2456 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTopMaker.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\AlwaysOnTopMaker.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{6CC9E640-C7FE-40E7-94B4-887F1A6BD1B2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6CC9E640-C7FE-40E7-94B4-887F1A6BD1B2} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 62.146.66.181 dl1.avgate.net
Hosts: 62.146.66.182 dl2.avgate.net
Hosts: 62.146.66.183 dl3.avgate.net
Hosts: 62.146.66.184 dl4.avgate.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\4qn012ae.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=s ... F00g%2F&q=
FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\1.122.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-28 217600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-8-6 291840]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-6 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-6 269480]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-6 66616]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-28 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-28 8758784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-28 296448]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2010-1-18 13080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-27 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-27 52224]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-6-24 34608]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-2 1343400]
S4 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
.
=============== Created Last 30 ================
.
2012-09-19 12:55:32 -------- d-----w- c:\program files\IrfanView
2012-09-18 23:17:10 -------- d-----w- c:\programdata\KONAMI
2012-09-16 10:33:33 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-16 10:33:33 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-16 10:33:33 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-16 10:33:32 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-16 10:33:32 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-16 10:33:31 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-16 10:33:31 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-16 10:33:30 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-16 10:33:30 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-16 10:33:28 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-16 10:33:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 12:00:01 -------- d-----w- c:\users\user\appdata\local\{7677A22E-0EBB-4A6A-8E1A-3AD599C5D8A1}
2012-09-08 12:58:56 -------- d-----w- c:\program files\MediaInfo
2012-09-04 14:45:00 -------- d-----w- c:\users\user\appdata\local\{2ADB8C93-F12F-4E9C-9E2C-D88868371180}
2012-09-02 09:14:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-22 10:26:11 -------- d-----w- c:\users\user\appdata\local\Activision
.
==================== Find3M ====================
.
2012-09-07 15:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 09:14:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-02 09:14:32 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 07:33:09 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 07:33:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-20 10:49:24 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-20 10:49:14 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-20 10:49:14 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-20 10:48:48 281880 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-28 04:09:16 5538984 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-28 04:06:48 8758784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43:04 58880 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50:10 20546560 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-28 02:10:40 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10:10 469504 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09:30 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08:12 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-28 02:08:02 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-28 01:35:08 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-28 01:35:00 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-28 01:32:32 4751872 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-28 01:15:20 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15:08 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:14:56 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-28 01:14:22 296448 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13:48 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-28 01:13:32 83456 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-27 20:47:36 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-27 20:47:16 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-27 20:47:06 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-27 20:46:06 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:15:40,34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 04.11.2010 20:11:01
System Uptime: 19.09.2012 14:51:06 (1 hours ago)
.
Motherboard: ECS | | A890GXM-A
Processor: AMD Phenom(tm) II X4 965 Processor | CPU 1 | 2176/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 23,481 GiB free.
D: is FIXED (NTFS) - 736 GiB total, 63,714 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP420: 16.09.2012 11:08:22 - kekerec
RP421: 16.09.2012 12:33:34 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 62.146.66.181 dl1.avgate.net
Hosts: 62.146.66.182 dl2.avgate.net
Hosts: 62.146.66.183 dl3.avgate.net
Hosts: 62.146.66.184 dl4.avgate.net
Hosts: 80.190.143.235 dl5.avgate.net
Hosts: 80.190.143.236 dl6.avgate.net
Hosts: 62.146.66.178 dl7.avgate.net
Hosts: 62.146.66.179 dl8.avgate.net
Hosts: 80.190.143.239 dl9.avgate.net
Hosts: 80.190.143.230 dl10.avgate.net
Hosts: 62.146.66.187 personal.avira-update.com personal.avira-cdn.com
Hosts: 80.190.143.232 personal.avira-update.net
Hosts: 80.190.143.229 perspeak.avira-update.com
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC-3 ACM Codec
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Shockwave Player 11.5
Agent Ransack 2010
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Application Profiles
ArcSoft TotalMedia Theatre 5
Audacity 1.3.12 (Unicode)
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Battlefield 3
Battlelog Web Plugins
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Packet Tracer 5.3
Combined Community Codec Pack 2009-09-09
ContextEdit (PC Magazine)
D3DX10
Dota 2 Beta
DotAlicious Gaming Client
Duplicate Cleaner 2.0.6
ESN Sonar
foobar2000 v1.1.1
FormatFactory 2.60
Foxit Reader
FreeOCR 3.0
Garena Plus
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HD Tune 2.55
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
MediaInfo 0.7.60
Microsoft .NET Compact Framework 2.0 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MozBackup 1.5.1
Mozilla Firefox 15.0.1 (x86 en-US)
MSVCRT
Nero 8 Lite 8.3.2.1
NFOPad 1.57
NVIDIA PhysX
OpenAL
OPNET IT Guru Academic Edition 9.1
OPNET Model Library Academic Edition 9.1
Oracle VM VirtualBox 4.1.18
Origin
PDF Settings CS5
Portal 2
PowerISO
QuickTime
Realtek High Definition Audio Driver
Recuva
ScummVM 1.2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Steam
SubMagic V0.71
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WhoCrashed 3.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 15.5
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
18.09.2012 12:16:08, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
18.09.2012 11:01:19, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
18.09.2012 11:01:11, Error: Service Control Manager [7000] - The Google Update Service (gupdatem) service failed to start due to the following error: The system cannot find the file specified.
18.09.2012 11:01:11, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
18.09.2012 01:04:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
17.09.2012 10:03:05, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
16.09.2012 03:21:21, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
15.09.2012 16:53:38, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

Also, sometimes when type in the address bar of my firefox browser i get alexa searches
maybe something with this
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=s ... F00g%2F&q=

how do i disable this?
tell subs_ to include hints of firefox search semi-hijacks removal
vanchom
Active Member
 
Posts: 2
Joined: September 19th, 2012, 9:11 am
Advertisement
Register to Remove

Re: Maybe virus

Unread postby pgmigg » September 19th, 2012, 11:37 am

Hello vanchom,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Maybe virus

Unread postby pgmigg » September 19th, 2012, 4:24 pm

Hello vanchom,

Thank you for your patience... :)

Step 1.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 2.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 3.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Then:
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know it - so I can provide the proper instructions.

RE: Microsoft Office Enterprise 2007
Could you please also tell me how this program came to be installed on your machine?

Step 4.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 5.
MiniToolBox
Please download MiniToolBox.exe ... by Farbar and save it to your Desktop.
  1. Right click MiniToolBox and select "Run As Administrator...", to run the tool.
  2. Check the following in the list:
    • List content of Hosts
    • List IP configuration
    • List Restore Points
  3. Press the Go button.
    A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  4. Close the MiniToolBox window.
  5. Please post the contents of the Result.txt in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by MGADiag.exe[/li]
  3. Contents of a log created by WVCheck.exe[/li]
  4. Contents of a log created by CKFiles.txt[/li]
  5. Answer for my question related to type of using of your computer.
  6. Answer for my question related to source of Microsoft Office Enterprise 2007.
  7. Contents of the codecheck.txt log file
  8. Contents of a Result.txt log file
  9. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Maybe virus

Unread postby vanchom » September 19th, 2012, 6:07 pm

A. No.
B. Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4AZ1H-ULANG-43JC6
Windows Product Key Hash: jOVc5YO2dhoY0P2nbBT2LO4ohpM=
Windows Product ID: 00371-216-2431238-45163
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {54A13092-BD96-4384-A956-8B70C2381379}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{24A66032-BA69-4974-A936-8B70A2318329}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-36BC6</PKey><PID>00371-216-2431238-45163</PID><PIDType>5</PIDType><SID>S-1-5-21-2015683414-2195027816-1435768475</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Default System BIOS</Manufacturer><Version>F4</Version><SMBIOSVersion major="2" minor="4"/><Date>07110026000000.000000+000</Date></BIOS><HWID>21603B07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(UTC+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-216-2431238-00-1033-7601.0000-0882012
Installation ID: 003490280540930785143824663296113841203996296351362876
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 35BA6
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 19/09/2012 11:50:54 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:23:2012 20:25
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NpAAAAEABAABAAEAAWABAAAAAgABAAEAln2IhC6D3KgZiFPyEDMed3UbYj2c5KDDVhCA6Q==

OEM Activation 1.0 Data-->
N/A

C. Windows Validation Check
Version: 1.9.12.5
Log Created On: 2245_19-09-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2012-09-16 10:24:46
Last Success Time for Update Download: 2012-09-16 10:33:33
Last Success Time for Update Installation: 2012-09-16 10:34:29


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 27/6/2011 13:17:35
Modification; 20/11/2010 13:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 27/6/2011 13:17:35
Modification; 20/11/2010 13:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 2249_19-09-2012 --------

D. CKScanner - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 cheapadobe.com
hosts 127.0.0.1 http://www.cheapadobe.com
hosts 127.0.0.1 flashplayer-adobe.com
hosts 127.0.0.1 flashplayeradobe.com
scanner sequence 3.ZZ.11.GMAPUR
----- EOF -----

E. This computer is not used for business purposes nor it is connected to a business network.

F. My mother uses that. I guess she bought it?

G. Codecheck Version 1.0

09019

H. MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 19-09-2012 at 23:15:35
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : user-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : speedport.ip

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Physical Address. . . . . . . . . : 44-87-FC-96-61-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : speedport.ip
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 44-87-FC-5E-4C-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.178.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : ?????, 19 ????????? 2012 14:51:22
Lease Expires . . . . . . . . . . : ??????, 29 ????????? 2012 14:51:22
Default Gateway . . . . . . . . . : 192.168.178.1
DHCP Server . . . . . . . . . . . : 192.168.178.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-64-11
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2a00:1450:400d:805::1007
173.194.39.169
173.194.39.163
173.194.39.165
173.194.39.174
173.194.39.168
173.194.39.161
173.194.39.167
173.194.39.162
173.194.39.166
173.194.39.160
173.194.39.164


Pinging google.com [173.194.39.169] with 32 bytes of data:
Reply from 173.194.39.169: bytes=32 time=41ms TTL=54
Reply from 173.194.39.169: bytes=32 time=42ms TTL=54

Ping statistics for 173.194.39.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 42ms, Average = 41ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1017ms TTL=46
Reply from 72.30.38.140: bytes=32 time=1067ms TTL=46

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1017ms, Maximum = 1067ms, Average = 1042ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...44 87 fc 96 61 41 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
10...44 87 fc 5e 4c e8 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
16...08 00 27 00 64 11 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.20 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.178.0 255.255.255.0 On-link 192.168.178.20 276
192.168.178.20 255.255.255.255 On-link 192.168.178.20 276
192.168.178.255 255.255.255.255 On-link 192.168.178.20 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.178.20 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.178.20 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Restore Points ==================================

16-09-2012 09:08:22 kekerec
16-09-2012 10:33:34 Windows Update

**** End of log ****

I. No but I only used it for a couple of hours now.

You're welcome,
vanchom

P.S. forgot to mention that I unchecked the hosts in that minitoolbox whatever because it was taking a long time and I have a lot of lines in my HOSTS file since I was using spybot immunize function and mvphosts lists
vanchom
Active Member
 
Posts: 2
Joined: September 19th, 2012, 9:11 am

Re: Maybe virus

Unread postby pgmigg » September 19th, 2012, 10:10 pm

Hello vanchom,

I have a bad news... :(

Illegal software detected!!!

While going through your logs (current and previous) I found out that there are evidences that you have illegal software and that you are actively using it.
  • >>>> Windows 7 Ultimate <<<<<
  • >>>> Microsoft Office Enterprise 2007 <<<<<

Also there are evidences that you were edited logs to mask illegal/cracked/keygen files.

All together plus our forum policy Here says we will not help people who use cracked or pirated software.

This topic is being closed, be advised if you ever comes back to MWR again and posts a log from a machine that is running pirated software you will be banned!

pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Maybe virus

Unread postby NonSuch » September 20th, 2012, 3:40 am

It is the policy of this site that our volunteers do not assist with computers on which pirated, counterfeit, and/or cracked software is installed. Therefore, this topic will now be closed.

This topic is closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware