TechSpot

2 iexplore.exe in task manager tries to connect to malware site

By Ponder
May 18, 2012
  1. Hello, I started having problems with my internet 2 days ago. First I couldn't connect to the internet at all. I tried pretty much everything, and after deleting my recently updated Ad-Aware I was able to reconnect again. I still had Avast, and that started occasionally prompting a warning where the infection details were as follows:
    Code:
    Infection Details
    URL:    Bad link deleted by Bobbye
    Process:    C:\Program Files (x86)\Internet Explorer...
    Infection:    URL:Mal
    Soon after, I checked my task manager and it shows 2 iexplore.exes, and I can't close them. I actually use Firefox, so that was even weirder.

    I did a bunch of scans with Malwarebytes and Avast and found a few things, but this iexplore.exe problem still persists.

    Here are the logs that you requested:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.18.03

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Gasoline :: GASOLINE-PC [administrator]

    Protection: Enabled

    18.5.2012 16:03:18
    mbam-log-2012-05-18 (16-03-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208298
    Time elapsed: 1 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    The GMER log had nothing in it.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Gasoline at 16:20:48 on 2012-05-18
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.5152 [GMT 3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\ASDR.exe
    F:\Games\Tribes Ascend\HiPatchService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Windows\system\HsMgr64.exe
    C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = astroburn-search.com
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AdobeBridge]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [LicenseValidator] C:\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Gasoline\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.100.1
    TCP: Interfaces\{B019938B-002E-4799-8BA1-2A2F10C828DD} : DhcpNameServer = 192.168.100.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-6 44768]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-5-6 134920]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Games\Tribes Ascend\HiPatchService.exe [2012-4-22 8704]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R3 cmudaxp;ASUS Xonar Essence ST Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
    R3 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49:14;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-6 135584]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    .
    =============== Created Last 30 ================
    .
    2012-05-18 12:38:46 -------- d-----w- C:\Program Files (x86)\ESET
    2012-05-18 11:03:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{32D596C6-563C-47E8-B092-D01D115EBC90}
    2012-05-18 11:03:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{5D6B73F3-8AE3-46FF-83D8-CDDFDD019E97}
    2012-05-17 14:17:27 -------- d-----w- C:\Users\Gasoline\AppData\Local\{86B1905B-E14E-437E-8550-49451B6D09BA}
    2012-05-17 14:17:13 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3C1DCFCF-167C-4538-9C76-FD977F91BD1C}
    2012-05-17 13:25:07 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Malwarebytes
    2012-05-17 13:25:03 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-17 13:25:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-17 13:25:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-17 02:16:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A6C8C0CB-76A1-4C02-B9F7-78CCCC817FA6}
    2012-05-17 02:16:37 -------- d-----w- C:\Users\Gasoline\AppData\Local\{2BEE6E36-93D5-4877-9022-16FBF6AD5877}
    2012-05-17 00:32:32 -------- d-----w- C:\ProgramData\GFI Software
    2012-05-16 23:53:21 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-05-16 23:53:21 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-05-16 23:52:56 -------- d-----w- C:\Program Files (x86)\Realtek
    2012-05-16 16:44:39 -------- d-----w- C:\Users\Gasoline\AppData\Local\ElevatedDiagnostics
    2012-05-16 16:00:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
    2012-05-16 14:38:46 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2012-05-16 14:37:32 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
    2012-05-16 14:16:14 -------- d-----w- C:\Users\Gasoline\AppData\Local\{18456DE9-070D-40DE-81E8-B15F87677B32}
    2012-05-16 14:15:55 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8D8C6096-DABB-46E5-9367-1E9B1A03469E}
    2012-05-16 01:57:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DF21D111-D4BD-4FCD-ACE6-96F47D2DFC29}
    2012-05-16 01:57:37 -------- d-----w- C:\Users\Gasoline\AppData\Local\{EB24A5AB-0843-42B2-AD37-BD5DB6F8487E}
    2012-05-15 19:43:49 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Windows Desktop Search
    2012-05-15 19:43:49 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\TeamViewer
    2012-05-15 13:57:14 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A56899CE-AE10-4C85-993A-34E48D931C21}
    2012-05-15 13:57:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{39F1A0D4-F46C-4A2F-8AA5-A461CD362B7E}
    2012-05-15 01:56:41 -------- d-----w- C:\Users\Gasoline\AppData\Local\{BEA102CC-9135-41E1-B3B9-7F7E28E5154F}
    2012-05-15 01:56:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B66C350A-63E0-4AB0-9A67-362E478185E8}
    2012-05-14 13:56:17 -------- d-----w- C:\Users\Gasoline\AppData\Local\{0CF8B57E-C9D6-4A7E-8EA8-790215C57232}
    2012-05-14 01:55:53 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AFCEBAB2-1D04-4162-B1C6-8C829196B3CD}
    2012-05-14 01:55:40 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AB3C3A75-C6B9-4843-BCDA-EA06B018650C}
    2012-05-13 13:55:17 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3D5FF046-5826-44EC-A7C7-B3F4DC04F1B0}
    2012-05-13 13:55:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{C25D7406-320C-4877-B95E-C6CF9FAE2BB2}
    2012-05-12 13:23:29 -------- d-----w- C:\Users\Gasoline\AppData\Local\{24D2EA6B-F44C-44FE-A603-7081A7EC6489}
    2012-05-12 13:23:19 -------- d-----w- C:\Users\Gasoline\AppData\Local\{55294916-B583-4F03-9998-6D364AC14985}
    2012-05-11 20:50:52 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3E7AE193-1859-4B10-B943-FB5BCD2004D1}
    2012-05-11 20:50:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6497C87B-9ED3-4866-B52E-851EE94ABB76}
    2012-05-11 08:50:16 -------- d-----w- C:\Users\Gasoline\AppData\Local\{14E4DD51-0539-49AF-8179-0E7E614C63B3}
    2012-05-11 08:50:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{332524DB-C8BC-4A96-9DF6-0E467DD8DB94}
    2012-05-10 20:31:38 -------- d-----w- C:\Users\Gasoline\AppData\Local\{EE3D5802-5508-4C69-A4EC-0418EC6FCFDD}
    2012-05-10 20:31:25 -------- d-----w- C:\Users\Gasoline\AppData\Local\{36336D31-57AF-4EB9-A3D3-FDDB753459C8}
    2012-05-10 08:31:02 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6B616F24-A1FE-40FF-9733-37069D6309FD}
    2012-05-10 08:30:49 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A2199D86-FB54-44A9-9373-2D6ABFD0931C}
    2012-05-09 20:30:38 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8C0BC2B4-3FA3-4BCC-A278-6A6E10315A9F}
    2012-05-09 20:30:24 -------- d-----w- C:\Users\Gasoline\AppData\Local\{49624C3A-4C1B-41C6-9411-B61F8A780D1F}
    2012-05-09 08:35:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-05-09 08:35:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-05-09 08:35:13 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-05-09 08:35:13 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-05-09 08:35:13 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-05-09 08:35:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-05-09 08:35:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-05-09 08:35:13 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-09 08:35:13 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-05-09 08:35:13 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-09 08:34:47 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-09 08:34:47 3143680 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-09 08:34:46 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-09 08:34:46 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-09 08:34:43 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-09 08:34:40 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-09 08:34:38 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 08:34:38 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-09 08:34:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-09 08:34:38 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-09 08:34:38 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 08:30:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E2184097-37FB-4BE9-94A1-0162231B98BB}
    2012-05-09 08:29:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{55BD5AFF-BB12-4D6D-A831-80541CF9A696}
    2012-05-08 20:00:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{FF747E8C-EC33-4BB3-B91F-6A080C1D0D22}
    2012-05-08 20:00:46 -------- d-----w- C:\Users\Gasoline\AppData\Local\{ED7014A9-8DEC-4AF8-B332-5A7D536D4618}
    2012-05-08 10:10:58 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\OpenOffice.org
    2012-05-08 10:10:29 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-05-08 08:00:35 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6C08EDC7-0FEA-4438-9E5D-D6B880E1253D}
    2012-05-08 08:00:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D1A31453-B97C-4378-9A87-E8CE3CE1D91B}
    2012-05-07 20:00:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4C8DEE43-99B9-4864-95E6-5D2AD33E0991}
    2012-05-07 19:59:47 -------- d-----w- C:\Users\Gasoline\AppData\Local\{07C030E4-70A7-4E3D-8172-42B0EF88D4BF}
    2012-05-07 07:59:36 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A2265C1A-B21B-4971-9C02-5B77CA59D306}
    2012-05-07 07:59:26 -------- d-----w- C:\Users\Gasoline\AppData\Local\{48285F6A-BD58-40D5-8D54-87E16AD90F78}
    2012-05-06 12:20:05 -------- d-----w- C:\Users\Gasoline\AppData\Local\{1FFA57F2-C54C-44DE-BD55-349A7BD9102B}
    2012-05-06 12:19:52 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E6444D96-B939-421E-A2DD-BFA9A4A9A2EF}
    2012-05-06 10:54:35 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-05-06 10:54:35 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-05-06 00:19:29 -------- d-----w- C:\Users\Gasoline\AppData\Local\{38B48483-B7D7-4874-80E1-603B335B43F9}
    2012-05-06 00:19:16 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D29F8BAB-079F-45C6-8BCA-80F3C29D76E8}
    2012-05-05 12:19:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D3D30229-1935-4F39-A435-9476C0A7E605}
    2012-05-05 12:18:47 -------- d-----w- C:\Users\Gasoline\AppData\Local\{9E097870-A6A5-4999-B5B8-AA358A89D19E}
    2012-05-05 00:18:36 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B5A0BB52-2F8E-4DB5-802F-94FDD6209E77}
    2012-05-05 00:18:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AF566C2D-C0F4-49CB-994E-5774C51D7993}
    2012-05-04 12:18:09 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4932D014-A3A6-47CB-9010-173ED564FBBF}
    2012-05-04 12:17:58 -------- d-----w- C:\Users\Gasoline\AppData\Local\{9D8F502C-9939-4468-9B76-DDB9FCBFEFD8}
    2012-05-03 14:25:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{38E230D9-AC68-458E-8971-B7C1AC55011D}
    2012-05-03 14:25:13 -------- d-----w- C:\Users\Gasoline\AppData\Local\{633841DF-7D19-4F8D-9557-FCF023E16B61}
    2012-05-02 10:27:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DB6C712A-6B46-46FD-85B3-F978D15E125D}
    2012-05-02 10:27:45 -------- d-----w- C:\Users\Gasoline\AppData\Local\{820D9269-3F5A-4D10-AB4F-364397825227}
    2012-05-01 22:27:22 -------- d-----w- C:\Users\Gasoline\AppData\Local\{957CD4E6-C65C-4DF2-AECF-34DEB38772C0}
    2012-05-01 22:27:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{93B39153-88C1-4B67-B711-7F1F6478F908}
    2012-05-01 10:26:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{78278BE7-AE58-4E24-8711-2091916174C6}
    2012-05-01 10:26:34 -------- d-----w- C:\Users\Gasoline\AppData\Local\{91F6C3ED-EB80-42F2-A6D6-0EFCE955AFCE}
    2012-04-30 15:28:36 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
    2012-04-30 15:24:01 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-04-30 13:56:42 -------- d-----w- C:\Users\Gasoline\AppData\Local\{913E3D44-6A46-4369-B096-05EB5A91539F}
    2012-04-30 13:56:32 -------- d-----w- C:\Users\Gasoline\AppData\Local\{32D24ED3-5897-480C-94F5-61BC107E5257}
    2012-04-29 13:18:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{512D2DDE-DDA8-4CBB-B427-163B4C0B3046}
    2012-04-29 13:18:15 -------- d-----w- C:\Users\Gasoline\AppData\Local\{350FAEE4-2F84-436E-A14D-B7833AFEFABF}
    2012-04-29 01:18:04 -------- d-----w- C:\Users\Gasoline\AppData\Local\{78AFAEA1-A763-41B1-9767-9BA5459CF326}
    2012-04-29 01:17:53 -------- d-----w- C:\Users\Gasoline\AppData\Local\{28FDB96C-7292-457A-9B4D-BC98EEFE440D}
    2012-04-28 10:30:12 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B9D7F72F-A656-4C9F-8BEB-6A18C9522DE8}
    2012-04-28 10:30:02 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DB5676A1-E197-49CD-B960-E4523C558914}
    2012-04-27 12:36:09 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7D88E7D5-0B3D-41EB-AE94-E72FF94CD1BB}
    2012-04-27 12:35:58 -------- d-----w- C:\Users\Gasoline\AppData\Local\{61EF2CC7-A5A6-4D1B-B14F-791686B87BAC}
    2012-04-26 12:35:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-04-26 12:35:08 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-04-26 12:35:08 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-04-26 12:34:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{124789F5-A74E-4374-9F85-FE184C871CF7}
    2012-04-26 12:34:11 -------- d-----w- C:\Users\Gasoline\AppData\Local\{C581BB91-3397-4F31-913E-04B3A861E531}
    2012-04-25 13:04:21 -------- d-----w- C:\Users\Gasoline\AppData\Local\{50F656A6-D5F0-41EE-9C83-76C34986C392}
    2012-04-25 13:04:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{065DD38F-857F-4E78-ABAE-4A210948FA56}
    2012-04-24 15:14:49 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-04-24 15:14:38 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-04-24 15:14:38 2580552 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2012-04-24 11:57:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{21D19127-D0F8-4CEA-991B-2E2DF58ADC50}
    2012-04-24 11:56:57 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E2D735BF-5467-4C92-9A19-185584E25D2D}
    2012-04-23 11:53:15 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7648C287-7D7E-4A5F-A6A7-A154FF608B4A}
    2012-04-23 11:53:04 -------- d-----w- C:\Users\Gasoline\AppData\Local\{2A9567D2-739B-4944-A4E6-14BCD6112909}
    2012-04-22 20:08:31 -------- d-----w- C:\Users\Gasoline\AppData\Local\{62D3CB78-D0B9-413E-89DF-DB621E51E213}
    2012-04-22 20:08:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D8729CDC-DC04-4DDB-AA97-BD0D05D4FF41}
    2012-04-22 10:56:51 -------- d-----w- C:\Users\Gasoline\AppData\Local\Chromium
    2012-04-22 09:21:05 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-04-22 08:07:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{1B11E63C-5398-450B-AF2C-6F50D0DDD773}
    2012-04-22 08:07:49 -------- d-----w- C:\Users\Gasoline\AppData\Local\{705F1E05-1D04-4863-8021-E69AB4F00A09}
    2012-04-21 09:36:11 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B39F462C-04F9-4529-A687-6AFDEEF0E534}
    2012-04-21 09:36:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4C7E22F5-144B-4DEB-8D63-702ECF0BDFB5}
    2012-04-20 11:44:08 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7D4E317E-4DDB-4735-A602-59FE7FD49B74}
    2012-04-20 11:43:57 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8463BFB4-2BFD-4EAB-A04E-E146CF3F6A99}
    2012-04-19 12:19:08 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2012-04-19 12:16:32 -------- d-----w- C:\Users\Gasoline\AppData\Local\{5E63EC59-AB58-4186-873E-CE5812730CF8}
    2012-04-19 12:16:21 -------- d-----w- C:\Users\Gasoline\AppData\Local\{87A805D1-888A-49AC-B590-AD5356C99408}
    .
    ==================== Find3M ====================
    .
    2012-05-14 23:11:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-05-14 23:11:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-04 21:42:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-04 21:42:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 21:42:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 12:19:11 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-03-08 15:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-03-08 15:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:31 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:03:29 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 07:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 16:21:05,30 ===============

    Edit: Attached Attach.txt file from DDS has been opened and pasted in below by Bobbye

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume6
    Install Date: 12.11.2011 18:22:11
    System Uptime: 18.5.2012 15:24:26 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A88T-V EVO/USB3
    Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 23,856 GiB free.
    D: is FIXED (NTFS) - 432 GiB total, 59,188 GiB free.
    E: is FIXED (NTFS) - 233 GiB total, 54,314 GiB free.
    F: is FIXED (NTFS) - 500 GiB total, 52,348 GiB free.
    G: is FIXED (NTFS) - 349 GiB total, 28,103 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
    Description: ATITool Driver
    Device ID: ROOT\*ATITOOLDEVICE\0000
    Manufacturer: W1zzard
    Name: ATITool Driver
    PNP Device ID: ROOT\*ATITOOLDEVICE\0000
    Service: ATITool
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SBRE
    Device ID: ROOT\LEGACY_SBRE\0000
    Manufacturer:
    Name: SBRE
    PNP Device ID: ROOT\LEGACY_SBRE\0000
    Service: SBRE
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&3A484DD5&0&0050
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&3A484DD5&0&0050
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3DMark 11
    Adobe AIR
    Adobe Community Help
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.2)
    Astroburn Lite
    Astroburn Toolbar
    ASUS Smart Doctor
    ATITool Overclocking Utility
    µTorrent
    Audacity 2.0
    avast! Internet Security
    Battlefield 3™
    Battlelog Web Plugins
    Command & Conquer 3
    CrystalDiskInfo 4.1.4
    CyberLink InstantBurn
    CyberLink Media Suite
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDVD 10
    D3DX10
    DAEMON Tools Lite
    Dead Space
    DOOM 3
    DOOM 3: Resurrection of Evil
    Dxtory 2.0.108
    ESN Sonar
    Exact Audio Copy 1.0beta3
    FLAC 1.2.1a (remove only)
    foobar2000 v1.1
    Fraps (remove only)
    Futuremark SystemInfo
    Geeks3D.com FurMark 1.9.2
    GOM Player
    GOMTV Streamer
    Half-Life 2
    Hard Reset
    Hi-Rez Studios Authenticate and Update Service
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    K-Lite Codec Pack 6.3.0 (Full)
    LAME v3.99.3 (for Windows)
    Left 4 Dead 2
    Livestream Procaster
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mass Effect™ 3
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 12.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSI Afterburner 2.1.0
    MSVCRT
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OCCT Perestroika 3.0.0
    OpenAL
    OpenOffice.org 3.3
    Origin
    PDF Settings CS5
    PunkBuster Services
    Realtek Ethernet Controller Driver For Windows 7
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.5
    StarCraft II
    Steam
    The Witcher 2
    Tribes Ascend
    Ultra Fractal 4.03
    Unreal Tournament 3
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Utility
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    X3: Albion Prelude
    X3: Terran Conflict
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18.5.2012 4:19:22, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
    18.5.2012 15:51:00, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    18.5.2012 15:24:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    18.5.2012 15:24:38, Error: Service Control Manager [7000] - The CyberLink InstantBurn UDF Filesystem service failed to start due to the following error: The system cannot find the file specified.
    18.5.2012 15:20:43, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    18.5.2012 13:55:00, Error: bowser [8003] - The master browser has received a server announcement from the computer EKT43 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B019938B-002E-4799-8BA1-2A2F10C828DD}. The master browser is stopping or an election is being forced.
    16.5.2012 19:53:29, Error: bowser [8003] - The master browser has received a server announcement from the computer EKT43 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FBC95C7-9F65-4B33-B0DB-DC41EDC69A31}. The master browser is stopping or an election is being forced.
    16.5.2012 19:13:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASDR service.
    16.5.2012 17:15:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    15.5.2012 0:18:01, Error: Service Control Manager [7034] - The Zune Windows Mobile Connectivity Service service terminated unexpectedly. It has done this 2 time(s).
    14.5.2012 13:45:46, Error: Service Control Manager [7034] - The Zune Windows Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    12.5.2012 17:59:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035b2611, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-13712-01.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good Morning and welcome to TechSpot!

    As you see, I opened the attachment and pasted it in your post. The author put the 'do not post' and the 'zip' directions in the Attach.txt log and we can't remove it. However, we added instructions to ignore this and paste it in, so I did some housekeeping. I also deleted the link you left.

    About your problem:
    The domain beagleabschirmkiste.de is in Germany. McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution. What I don't know is if this was an attempt to access your system that was blocked, or whether something in your system is attempting to access the site on the internet. The former is normal and the AV is doing what it should. The latter would indicate that there is malware in the system to be found and removed.

    About multiple iexplore.exe:
    If you have IE8, it is normal to have 2 or more of these processes in the Task Manager. But since malware can hide in almost every process, we will take that into consideration.

    Did you run GMER? Log?

    I would like you to temporarily remove the CD emulators as they can interfere with the scans. This would be Daemon Lite and I think also include Astroburn.
    To disable CD Emulation programs using DeFogger please perform these steps:
    1. Please download DeFogger to your desktop.
    2. Double-click on the DeFogger icon to start the tool.
    3. The application window will appear> click on the Disable button to disable your CD Emulation drivers
    4. At prompt to continue> click on the Yes button to continue
    5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
    ---------------------------
    The following can be done when we're finished:
    =======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.

    Please leave the logs for Combofix and the Eset scan in your next reply.
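    The question raised above, whether the extra iexplore.exe processes are ordinary IE tab processes or something else pretending to be IE, can be checked directly rather than guessed from Task Manager. The PowerShell snippet below is an added example for that check and is not part of this thread or of any of the tools it mentions. It assumes Windows 7 with PowerShell 2.0 or later; it only uses Get-WmiObject, Get-AuthenticodeSignature and netstat, all of which ship with Windows 7. It lists every iexplore.exe with its image path, parent process, command line and Authenticode signer, then shows which of those PIDs currently hold TCP connections.

```powershell
# Added example (not from the thread): inspect every running iexplore.exe
# so a helper can tell genuine IE tab processes from something borrowing the name.
$ieProcs = @(Get-WmiObject Win32_Process -Filter "Name = 'iexplore.exe'")

$report = foreach ($p in $ieProcs) {
    # Parent process: for real IE, the frame process is started by explorer.exe (or the
    # app that launched IE) and each tab process is a child of another iexplore.exe.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # Authenticode check on the on-disk image. A genuine IE binary lives under
    # C:\Program Files\Internet Explorer or C:\Program Files (x86)\Internet Explorer
    # and is signed by Microsoft.
    $sig = $null
    if ($p.ExecutablePath -and (Test-Path $p.ExecutablePath)) {
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
    }

    New-Object PSObject -Property @{
        PID         = $p.ProcessId
        ParentPID   = $p.ParentProcessId
        ParentName  = if ($parent) { $parent.Name } else { '(exited)' }
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        SigStatus   = if ($sig) { $sig.Status } else { 'n/a' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
    }
}

$report | Format-List PID, ParentPID, ParentName, Path, CommandLine, SigStatus, Signer

# Which of those PIDs own TCP connections right now. netstat -ano is available on
# Windows 7; the last whitespace-separated field of each line is the owning PID.
$iePids = $ieProcs | ForEach-Object { $_.ProcessId }
netstat -ano | Select-String 'ESTABLISHED|SYN_SENT' | ForEach-Object {
    $fields = ($_.Line.Trim()) -split '\s+'
    if ($iePids -contains [int]$fields[-1]) { $_.Line }
}
```

Reading the output: several iexplore.exe entries whose parent is another iexplore.exe, whose path is the Internet Explorer program folder and whose signer is Microsoft are the normal frame-plus-tab layout described in the post. What merits a closer look is an entry that breaks that pattern, for example an image path outside the Internet Explorer folder, a signature status other than Valid, a parent that is neither explorer.exe nor iexplore.exe, or a command line carrying a URL while no IE window is open. The netstat section tells you whether any of those processes is the one reaching out to the blocked domain, which is the distinction the post says it cannot make from the avast alert alone.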
     
  3. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    Update on the situation, yesterday I lost my connection for around 5 minutes again. The symptom is that every time I try to open a site, it won't even try to load. Windows does say I'm connected though but running Internet Explorer's troubleshooter I get "The remote device or resource won't accept the connection." I forgot to mention that earlier.

    Also last time avast blocked the connection to the beagle.de site, my soundcard's drivers were the ones trying to connect there.

    I did run GMER and the log had nothing in it.

    ESET also found nothing.

    combofix log
    ComboFix 12-05-18.02 - Gasoline 18.05.2012 20:51:14.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.6015 [GMT 3:00]
    Sijainti: c:\users\Gasoline\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gasoline\AppData\Roaming\Help\coredb\storage
    c:\users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-04-18 to 2012-05-18 )))))))))))))))))
    .
    .
    2012-05-18 17:54 . 2012-05-18 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Malwarebytes
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-17 13:25 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-17 00:32 . 2012-05-17 00:32 -------- d-----w- c:\programdata\GFI Software
    2012-05-16 23:53 . 2010-05-20 04:04 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-05-16 23:53 . 2010-05-20 04:04 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-05-16 23:52 . 2012-05-16 23:52 -------- d-----w- c:\program files (x86)\Realtek
    2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Gasoline\AppData\Local\ElevatedDiagnostics
    2012-05-16 16:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
    2012-05-16 14:38 . 2012-05-17 00:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
    2012-05-16 14:37 . 2012-05-16 15:57 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
    2012-05-15 23:28 . 2012-05-15 23:28 -------- d-----w- c:\users\Gasoline\AppData\Roaming\vlc
    2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Windows Desktop Search
    2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\TeamViewer
    2012-05-09 08:35 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-09 08:35 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-05-09 08:35 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-05-09 08:35 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-05-09 08:35 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-05-09 08:35 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-09 08:35 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-05-09 08:35 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-05-09 08:35 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-05-09 08:35 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-05-09 08:34 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-09 08:34 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
    2012-05-09 08:34 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-09 08:34 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-09 08:34 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-09 08:34 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-09 08:34 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-09 08:34 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 08:34 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-09 08:34 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-09 08:34 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\users\Gasoline\AppData\Roaming\OpenOffice.org
    2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
    2012-05-06 10:54 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-05-06 10:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-04-30 15:28 . 2012-04-30 15:28 -------- d-----w- c:\program files (x86)\Lame For Audacity
    2012-04-30 15:24 . 2012-05-15 21:58 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Audacity
    2012-04-30 15:24 . 2012-04-30 15:24 -------- d-----w- c:\program files (x86)\Audacity
    2012-04-26 12:35 . 2012-04-26 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-04-26 12:35 . 2012-04-26 12:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-04-26 12:35 . 2012-04-26 12:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-04-24 15:14 . 2012-05-14 23:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-24 15:14 . 2012-04-24 15:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-04-24 15:14 . 2011-10-10 14:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
    2012-04-22 10:56 . 2012-04-22 10:56 -------- d-----w- c:\users\Gasoline\AppData\Local\Chromium
    2012-04-22 09:21 . 2012-04-22 10:56 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-04-19 12:19 . 2012-04-19 12:19 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-14 23:11 . 2011-11-13 13:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-14 23:11 . 2011-11-13 13:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-04 21:42 . 2012-04-09 10:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 21:42 . 2011-11-12 17:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-04 21:42 . 2012-04-09 11:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 12:19 . 2011-11-14 18:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-03-09 10:43 . 2012-03-09 10:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-09 10:43 . 2012-03-09 10:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-09 10:43 . 2012-03-09 10:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-09 10:43 . 2012-03-09 10:43 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-09 10:43 . 2012-03-09 10:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-09 10:43 . 2012-03-09 10:43 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-09 10:43 . 2012-03-09 10:43 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-09 10:43 . 2012-03-09 10:43 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-09 10:43 . 2012-03-09 10:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-09 10:43 . 2012-03-09 10:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-09 10:43 . 2012-03-09 10:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-09 10:43 . 2012-03-09 10:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-09 10:43 . 2012-03-09 10:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-09 10:43 . 2012-03-09 10:43 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-09 10:43 . 2012-03-09 10:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-09 10:43 . 2012-03-09 10:43 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-09 10:43 . 2012-03-09 10:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-09 10:43 . 2012-03-09 10:43 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-03-09 10:43 . 2012-03-09 10:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-09 10:43 . 2012-03-09 10:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-09 10:43 . 2012-03-09 10:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-09 10:43 . 2012-03-09 10:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-09 10:43 . 2012-03-09 10:43 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-09 10:43 . 2012-03-09 10:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-09 10:43 . 2012-03-09 10:43 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-09 10:43 . 2012-03-09 10:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-09 10:43 . 2012-03-09 10:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-09 10:43 . 2012-03-09 10:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-06 23:15 . 2011-11-12 17:43 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-11-12 17:43 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2011-11-12 17:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2011-12-13 15:16 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-03-06 23:04 . 2011-11-12 17:43 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2011-11-12 17:43 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:03 . 2011-12-13 15:16 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-03-06 23:01 . 2011-11-12 17:43 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-11-12 17:43 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2011-11-12 17:43 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-01 06:54 . 2012-04-12 23:18 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:45 . 2012-04-12 23:18 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:40 . 2012-04-12 23:18 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:35 . 2012-04-12 23:18 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:49 . 2012-04-12 23:18 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:45 . 2012-04-12 23:18 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:40 . 2012-04-12 23:18 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 06:56 . 2012-04-12 23:18 2311168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 06:49 . 2012-04-12 23:18 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 06:48 . 2012-04-12 23:18 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 06:42 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 01:18 . 2012-04-12 23:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 23:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 23:18 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 01:03 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-02-23 07:18 . 2011-11-12 16:55 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
    .
    [HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Gasoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
    R3 GPU-Z;GPU-Z;c:\users\Gasoline\AppData\Local\Temp\GPU-Z.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\games\Tribes Ascend\HiPatchService.exe [2012-04-05 8704]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
    S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
    S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Muut muistissa olevat ajurit/palvelut ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_38F51D56
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:42]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [2011-05-23 1536320]
    .
    [HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]
    "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = astroburn-search.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.100.1
    FF - ProfilePath - c:\users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKCU-Run-LicenseValidator - c:\users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\ASDR.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
    c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2012-05-18 20:58:37 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2012-05-18 17:58
    .
    Ennen ajoa: 24 473 923 584 bytes free
    Ajon jälkeen: 25 721 954 304 bytes free
    .
    - - End Of File - - CC09F2D85AD2712905DB68609C55249E


    Combofix-quarantined-files.txt

    2012-05-18 17:58:08 . 2012-05-18 17:58:08 2,908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
    2012-05-18 17:58:08 . 2012-05-18 17:58:08 1,164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Battlelog Web Plugins.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-LicenseValidator.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 141 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
    2012-05-18 17:53:20 . 2012-05-18 17:53:20 4,200 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-05-18 17:50:31 . 2012-05-18 17:50:31 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-05-17 15:36:29 . 2012-05-17 20:14:04 239,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe.vir
    2012-05-15 20:03:55 . 2012-05-18 17:49:00 142,096 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Help\coredb\storage.vir
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please refer to THIS Microsoft site. Go through the 6 recommended methods to resolve the issue.
    --------------------------------------
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files (x86)\MSI Afterburner\RTCore64.sys
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
    [HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
    [HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
    DDS::
    uStart Page = astroburn-search.com
    TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
    uRun: [LicenseValidator] C:\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
    TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
    Clearjavacache::
    Driver::
    RTCore64
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Per this Combofix scan, the contents of the Qoobox folder:
    CoreDB: 2-way integration with Techlog in order to exchange, locate and question data. Generate inventories
    \LicenseValidator.exe
    It appears they are related to Divine IT Limited with description "a pioneer company specializing in enterprise, telecom and End user software in Bangladesh." Among its functions are payroll, wages, salary, resource planning.

    These are for work, yes? Do you have an IT in the office? Because Combofix wants these entries out. If they are work-related, if they are clean, the IT is the one to determine that.
    ====================
    Directions in Combofix:
    The header in Combofix that you ran:
    This can affect the results in the scan.

    Both of the sites you mentioned that were blocked were German. You have German on the system. Are there any other DE sites that Avast blocks?

    Let me know if one of the 6 MS Methods resolves the connection problem.
     
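As an added example (not from this thread and not ComboFix's own code), a small Python triage script that parses the service/driver, Run-key, DDS uRun and start-page lines in the format seen in the logs above and flags the auto-start entries a helper would check first. The sample lines are copied from the logs in this thread; the list of user-writable directories and the reason wording are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver line: "<R|S><n> <name>;<display>;<path> [<date size> | x]"
SERVICE_RE = re.compile(r'^(?:R|S)\d\s+([^;]+);[^;]*;(.*?)\s*\[([^\]]*)\]\s*$')
# Run-key line: "<name>"="<path>" [<date size>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[[^\]]*\]\s*$')
# DDS line: uRun: [<name>] <path>   (mRun for the machine hive)
DDS_RUN_RE = re.compile(r'^[um]Run:\s*\[([^\]]+)\]\s+(.+?)\s*$')
# DDS line: uStart Page = <url>
START_RE = re.compile(r'^([um]Start Page)\s*=\s*(.+?)\s*$')

# Directories a regular user can write to. An auto-start binary living here is
# unusual for legitimate software (assumption made for this triage, not a
# ComboFix rule).
USER_WRITABLE_DIRS = (
    '\\appdata\\roaming\\',
    '\\appdata\\local\\temp\\',
    '\\windows\\temp\\',
    '\\users\\public\\',
)


@dataclass
class Finding:
    kind: str                 # "service", "run" or "startpage"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def path_reasons(path: str) -> List[str]:
    """Return why a binary path deserves attention (empty list if it does not)."""
    low = path.lower()
    return [f"auto-start binary under user-writable directory '{d}'"
            for d in USER_WRITABLE_DIRS if d in low]


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line into a Finding, or None if it is not a line we triage."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        name, path, stamp = m.groups()
        reasons = path_reasons(path)
        # ComboFix prints [x] when it could not find/verify the file. Only flag
        # that when a path is registered; empty paths are common for stock drivers.
        if stamp == 'x' and path:
            reasons.append("registered file not found ([x])")
        return Finding("service", name, path, reasons)
    m = RUN_RE.match(line) or DDS_RUN_RE.match(line)
    if m:
        name, path = m.groups()
        return Finding("run", name, path, path_reasons(path))
    m = START_RE.match(line)
    if m:
        key, url = m.groups()
        # ComboFix omits empty values and known-good defaults, so any start
        # page it lists has been changed by something.
        return Finding("startpage", key, url, [f"browser start page set to {url}"])
    return None


def triage(lines) -> List[Finding]:
    """Return only the findings that carry at least one reason."""
    out = []
    for line in lines:
        f = parse_line(line)
        if f and f.reasons:
            out.append(f)
    return out


# Constructed sample: lines copied from the ComboFix/DDS logs in this thread.
SAMPLE_LOG = r"""
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Gasoline\AppData\Local\Temp\GPU-Z.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
S1 aswSnx;aswSnx; [x]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
uRun: [LicenseValidator] C:\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
uStart Page = astroburn-search.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries that are flagged are only candidates for a closer look (a missing temp driver from a hardware monitor is harmless; a signed-looking executable started from a GUID folder under AppData\Roaming is not).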
  5. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    The 6 methods didn't work back when I tried everything at first. And this loss of internet only happened twice after that, for a period of minutes.

    This is also my own personal computer at home, no work related stuff on here. Those corporate things you mentioned about Bangladesh and all, I have no idea what they are, and I'm inclined to believe they're related to the malware stuff.

    Also when combofix reboots my pc, avast opens automatically, otherwise it was disabled.

    And no, it's always the same site it wants to connect to.

    Here's the new log. Also, after doing the ComboFix, now my MSI Afterburner won't start. Was that supposed to happen?
    ComboFix 12-05-18.02 - Gasoline 19.05.2012 20:13:53.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.6562 [GMT 3:00]
    Sijainti: c:\users\Gasoline\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\Gasoline\Desktop\CFScript.txt
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\MSI Afterburner\RTCore64.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Astroburn Toolbar\ABToolbar.dll
    c:\program files (x86)\MSI Afterburner\RTCore64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RTCORE64
    -------\Service_RTCore64
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-04-19 to 2012-05-19 )))))))))))))))))
    .
    .
    2012-05-19 17:17 . 2012-05-19 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-18 17:59 . 2012-05-18 17:59 -------- d-----w- c:\program files (x86)\ESET
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Malwarebytes
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-17 13:25 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-17 00:32 . 2012-05-17 00:32 -------- d-----w- c:\programdata\GFI Software
    2012-05-16 23:53 . 2010-05-20 04:04 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-05-16 23:53 . 2010-05-20 04:04 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-05-16 23:52 . 2012-05-16 23:52 -------- d-----w- c:\program files (x86)\Realtek
    2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Gasoline\AppData\Local\ElevatedDiagnostics
    2012-05-16 16:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
    2012-05-16 14:38 . 2012-05-17 00:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
    2012-05-16 14:37 . 2012-05-16 15:57 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
    2012-05-15 23:28 . 2012-05-15 23:28 -------- d-----w- c:\users\Gasoline\AppData\Roaming\vlc
    2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Windows Desktop Search
    2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\TeamViewer
    2012-05-09 08:35 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-09 08:35 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-05-09 08:35 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-05-09 08:35 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-05-09 08:35 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-05-09 08:35 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-09 08:35 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-05-09 08:35 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-05-09 08:35 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-05-09 08:35 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-05-09 08:34 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-09 08:34 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
    2012-05-09 08:34 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-09 08:34 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-09 08:34 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-09 08:34 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-09 08:34 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-09 08:34 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 08:34 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-09 08:34 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-09 08:34 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\users\Gasoline\AppData\Roaming\OpenOffice.org
    2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
    2012-05-06 10:54 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-05-06 10:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-04-30 15:28 . 2012-04-30 15:28 -------- d-----w- c:\program files (x86)\Lame For Audacity
    2012-04-30 15:24 . 2012-05-15 21:58 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Audacity
    2012-04-30 15:24 . 2012-04-30 15:24 -------- d-----w- c:\program files (x86)\Audacity
    2012-04-26 12:35 . 2012-04-26 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-04-26 12:35 . 2012-04-26 12:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-04-26 12:35 . 2012-04-26 12:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-04-24 15:14 . 2012-05-14 23:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-24 15:14 . 2012-04-24 15:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-04-24 15:14 . 2011-10-10 14:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
    2012-04-22 10:56 . 2012-04-22 10:56 -------- d-----w- c:\users\Gasoline\AppData\Local\Chromium
    2012-04-22 09:21 . 2012-04-22 10:56 -------- d-----w- c:\programdata\Hi-Rez Studios
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-14 23:11 . 2011-11-13 13:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-14 23:11 . 2011-11-13 13:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-04 21:42 . 2012-04-09 10:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 21:42 . 2011-11-12 17:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-04 21:42 . 2012-04-09 11:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 12:19 . 2011-11-14 18:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-03-09 10:43 . 2012-03-09 10:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-09 10:43 . 2012-03-09 10:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-09 10:43 . 2012-03-09 10:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-09 10:43 . 2012-03-09 10:43 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-09 10:43 . 2012-03-09 10:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-09 10:43 . 2012-03-09 10:43 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-09 10:43 . 2012-03-09 10:43 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-09 10:43 . 2012-03-09 10:43 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-09 10:43 . 2012-03-09 10:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-09 10:43 . 2012-03-09 10:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-09 10:43 . 2012-03-09 10:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-09 10:43 . 2012-03-09 10:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-09 10:43 . 2012-03-09 10:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-09 10:43 . 2012-03-09 10:43 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-09 10:43 . 2012-03-09 10:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-09 10:43 . 2012-03-09 10:43 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-09 10:43 . 2012-03-09 10:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-09 10:43 . 2012-03-09 10:43 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-03-09 10:43 . 2012-03-09 10:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-09 10:43 . 2012-03-09 10:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-09 10:43 . 2012-03-09 10:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-09 10:43 . 2012-03-09 10:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-09 10:43 . 2012-03-09 10:43 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-09 10:43 . 2012-03-09 10:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-09 10:43 . 2012-03-09 10:43 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-09 10:43 . 2012-03-09 10:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-09 10:43 . 2012-03-09 10:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-09 10:43 . 2012-03-09 10:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-06 23:15 . 2011-11-12 17:43 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-11-12 17:43 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2011-11-12 17:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2011-12-13 15:16 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-03-06 23:04 . 2011-11-12 17:43 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2011-11-12 17:43 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:03 . 2011-12-13 15:16 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-03-06 23:01 . 2011-11-12 17:43 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-11-12 17:43 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2011-11-12 17:43 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-01 06:54 . 2012-04-12 23:18 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:45 . 2012-04-12 23:18 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:40 . 2012-04-12 23:18 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:35 . 2012-04-12 23:18 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:49 . 2012-04-12 23:18 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:45 . 2012-04-12 23:18 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:40 . 2012-04-12 23:18 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 06:56 . 2012-04-12 23:18 2311168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 06:49 . 2012-04-12 23:18 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 06:48 . 2012-04-12 23:18 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 06:42 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 01:18 . 2012-04-12 23:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 23:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 23:18 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 01:03 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-02-23 07:18 . 2011-11-12 16:55 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-18_17.57.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-05-18 17:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-05-19 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-05-18 17:57 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-19 17:18 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-18 17:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-19 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-11-12 16:38 . 2012-05-18 17:58 52948 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-19 11:59 36952 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-13 21:23 . 2012-05-19 02:26 4308 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-01-08 18:38 . 2012-05-18 23:47 1840 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
    + 2011-11-12 16:24 . 2012-05-19 11:59 9314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1833706481-1927669099-1257457944-1000_UserData.bin
    - 2012-05-18 17:55 . 2012-05-18 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-19 17:18 . 2012-05-19 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-15 18:57 . 2012-05-19 16:40 336562 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-05-18 17:53 651938 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-05-19 11:59 651938 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-05-18 17:53 120870 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-05-19 11:59 120870 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-05-19 17:17 362188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-05-18 17:55 362188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-03-09 17:28 . 2012-05-18 17:55 897224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
    + 2012-03-09 17:28 . 2012-05-19 17:17 897224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
    - 2012-03-12 22:27 . 2012-05-18 17:55 2243844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-4096.dat
    + 2012-03-12 22:27 . 2012-05-19 02:26 2243844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-4096.dat
    + 2009-07-14 02:34 . 2012-05-19 12:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-05-18 17:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-11-12 16:34 . 2012-05-19 17:17 56284628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-8192.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Gasoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
    R3 GPU-Z;GPU-Z;c:\users\Gasoline\AppData\Local\Temp\GPU-Z.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\games\Tribes Ascend\HiPatchService.exe [2012-04-05 8704]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
    S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
    S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Muut muistissa olevat ajurit/palvelut ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:42]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [2011-05-23 1536320]
    .
    [HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
    [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]
    "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "combofix"="c:\combofix\CF25316.3XE" [2009-07-14 344576]
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.100.1
    FF - ProfilePath - c:\users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\ASDR.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2012-05-19 20:20:07 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2012-05-19 17:20
    ComboFix2.txt 2012-05-18 17:58
    .
    Ennen ajoa: 24 168 214 528 bytes free
    Ajon jälkeen: 23 887 532 032 bytes free
    .
    - - End Of File - - 7A06C9BA3A44DAE1D79E98A8C0B2FB97
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, that was my mistake. You have entries for both MSI Afterburner and another for Astroburn. Plus RTCore64 and coredb.

    I should be able to move it out of quarantine: Please run this for me again: Combofix-quarantined-files.txt
     
  7. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    You mean post the log of it?

    Combofix-quarantined-files.txt
    2012-05-19 17:16:12 . 2012-05-19 17:16:12 1,540 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_RTCore64.reg.dat
    2012-05-19 17:16:12 . 2012-05-19 17:16:12 1,100 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_RTCORE64.reg.dat
    2012-05-19 17:13:51 . 2012-05-19 17:13:51 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
    2012-05-18 17:58:08 . 2012-05-18 17:58:08 2,908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
    2012-05-18 17:58:08 . 2012-05-18 17:58:08 1,164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Battlelog Web Plugins.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-LicenseValidator.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 141 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES.reg.dat
    2012-05-18 17:57:49 . 2012-05-18 17:57:49 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
    2012-05-18 17:53:20 . 2012-05-19 17:16:01 4,146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-05-18 17:50:31 . 2012-05-19 17:13:12 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-05-17 15:36:29 . 2012-05-17 20:14:04 239,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe.vir
    2012-05-15 20:03:55 . 2012-05-18 17:49:00 142,096 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Help\coredb\storage.vir
    2011-05-23 14:08:58 . 2011-05-23 14:08:58 1,000,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll.vir
    2010-05-27 00:43:00 . 2010-05-27 00:43:00 14,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, thank you. I thought there was just one file:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    
    DeQuarantine::
    C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir 
    
    Quit::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply. You won't have a full ComboFix log, just one for the DeQuarantine. Let's make sure that gets your overclocking back.

    ====================
    Please let me know what problems remain.
     
  9. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    Just to note, after running the script and starting up Avast and Malwarebytes, I couldn't connect to the internet again. Rebooting fixed it, though.

    Afterburner seems to work fine again!

    DeQuarantine
    C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir -> C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
     
  10. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    Malwarebytes just notified me with this..

    2012/05/21 02:58:50 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50108, Process: avastsvc.exe)
    2012/05/21 02:58:51 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50109, Process: avastsvc.exe)
     
  11. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    Have I been forgotten?
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No, you haven't been forgotten. I haven't been well and am several days behind.

    Please see this information for the above. If you need more, please search the Mbam forum:
    =========================================

    Are you having any other problems now?
     
  13. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    So what about if it blocks a connection to an IP from time to time without me even surfing? I have no way of knowing what it is that tries to connect.

    Should I be safe otherwise with everything we did so far? I haven't experienced any other issues anymore except this IP blocking. It makes me feel unsafe though..

    Some of the IPs from the MB logs
    91.205.41.227
    91.224.160.206
    95.211.136.71
    146.185.18.114
    88.85.93.34
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    FYI:
    IP Address: 91.205.41.227 ISP: Dragonara Alliance Ltd.
    IP Address: 91.224.160.206 Organization: Bergdorf Group Ltd.
    IP Address: 95.211.136.71 ISP: LeaseWeb B.V. Location: Amsterdam, Netherlands
    IP Address: 146.185.18.114 ISP: Unknown Organization: Hosting Services
    IP Address: 88.85.93.34 is invalid
    ======================================================
    Security programs capable of blocking have sites listed within them to block, or may block a site with an invalid IP or if it doesn't recognize the IP. If a block is happening to a legitimate IP, then you open the program and enter the IP as an exception, such as for your sound card. The security programs usually have a section where you can uncheck the 'alert me to the block.'

    Please find that section and uncheck it.

    Any process that starts on boot, runs in the background and has the capability of accessing the internet may try to access it whether you're using the system or not. For instance, all the auto-updates you have running will be accessing the internet several times a day, every day, looking for updates. That's one reason why you should keep the startup processes to a minimum.

    You have an exceptional amount of traffic: 87 processes for C:\Users\Gasoline\AppData\Local\{CLSD} under "=============== Created Last 30 ================"! And you are using file sharing (µTorrent).
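    Ponder's worry that there is "no way of knowing what it is that tries to connect" can be answered from the IP-BLOCK lines themselves, since each one records the process that made the connection. The parser and tally below is an added example, not code from the thread or from Malwarebytes: the first two lines are the real ones from post 10, the remaining lines, the process name utorrent.exe and the list of already-trusted processes are constructed assumptions for the demo.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the two lines posted in the thread plus invented ones
# in the same Malwarebytes IP-BLOCK format (the IPs below appear in the thread).
SAMPLE_LOG = """\
2012/05/21 02:58:50 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50108, Process: avastsvc.exe)
2012/05/21 02:58:51 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50109, Process: avastsvc.exe)
2012/05/21 03:12:07 +0300 GASOLINE-PC Gasoline IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 50211, Process: utorrent.exe)
2012/05/21 03:12:09 +0300 GASOLINE-PC Gasoline IP-BLOCK 95.211.136.71 (Type: incoming, Port: 6881, Process: utorrent.exe)
2012/05/21 03:15:30 +0300 GASOLINE-PC Gasoline IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 50230, Process: utorrent.exe)
"""

# One IP-BLOCK line: date, time, tz offset, host, user, remote IP, direction, port, process.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

def parse_ip_block_lines(text):
    """Return one dict per IP-BLOCK line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def blocks_by_process(events):
    """Map each process name to the set of remote IPs it was blocked from reaching."""
    result = defaultdict(set)
    for ev in events:
        result[ev["process"].lower()].add(ev["ip"])
    return dict(result)

def repeat_offenders(events, min_hits=2):
    """Remote IPs blocked at least min_hits times, most frequent first."""
    counts = Counter(ev["ip"] for ev in events)
    return [(ip, n) for ip, n in counts.most_common() if n >= min_hits]

def triage(events, trusted_processes):
    """Split events into ones from processes the user has already verified and ones to review."""
    trusted, review = [], []
    for ev in events:
        (trusted if ev["process"].lower() in trusted_processes else review).append(ev)
    return trusted, review

if __name__ == "__main__":
    evs = parse_ip_block_lines(SAMPLE_LOG)
    for proc, ips in sorted(blocks_by_process(evs).items()):
        print(f"{proc}: {', '.join(sorted(ips))}")
    print("repeat offenders:", repeat_offenders(evs))
    # The trusted list is a constructed choice for this demo, not a verdict from the thread.
    _, to_review = triage(evs, trusted_processes={"avastsvc.exe"})
    print("events to review:", len(to_review))
```

    Pointing the parser at the real protection log instead of SAMPLE_LOG shows at a glance whether the blocks come from a program you know (an updater, a torrent client) or from something unexpected, which is the question to settle before adding an exception.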
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do you need any more help?
     
  16. Ponder

    Ponder TS Rookie Topic Starter Posts: 17

    Sorry I have been busy past week!

    I'm not sure if I do. All the problems I mentioned in the first post have been gone. Should this mean that I'm safe for now?

    And yes, for the high amount of traffic, I do sometimes use uTorrent.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [​IMG]
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [​IMG]
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
     
Topic Status:
Not open for further replies.
