TechSpot

Malware found

By mom26gr8kids
Jan 7, 2014
  1. The other day I was attempting to download something I needed for the kid's school. It was a free download, but at the top of the page was one of those Start Download buttons, and because I was downloading something I clicked on it. Some 7-Zip thing or other. Once I clicked on it I realized that was not what I was downloading and I immediately stopped it, but when I ran Malware this morning it found some PUP software. So, now I need to go through the virus removal process. So irritated with myself for not paying better attention. Thanks for helping. Here is the MBAM log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.07.04

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Kendra :: MOMSPC [administrator]

    1/7/2014 10:33:33 AM
    mbam-log-2014-01-07 (10-33-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217873
    Time elapsed: 6 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Kendra\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> No action taken.
    C:\Users\Kendra\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> No action taken.

    (end)
     
  2. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    DDS log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
    Run by Kendra at 11:10:33 on 2014-01-07
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5578.3723 [GMT -7:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\RfBtnSvc64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\explorer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\25F636B6751405D223 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\25F636B6751405D223 : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\35F6C696467427F657E64637 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\35F6C696467427F657E64637 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.3.1
    TCP: Interfaces\{93861460-374F-46E0-90B7-36421D29E88F} : NameServer = 156.154.70.22,156.154.71.22
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-15 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-15 207904]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-4-15 1034464]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-4-15 422216]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-1-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-1-16 715824]
    R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-1-16 38072]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-27 239616]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-1-16 199008]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-4-15 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-26 50344]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
    R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227904]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-16 2466448]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-1-16 98160]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-27 91648]
    R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-12-27 331152]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-12-27 118936]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2013-1-16 26736]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2013-1-16 343696]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-16 58536]
    S3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-26 79672]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 164056]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2012-6-29 1119232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-27 23552]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    .
    =============== Created Last 30 ================
    .
    2013-12-28 17:02:49 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
    2013-12-26 22:28:24 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2013-12-26 05:26:51 -------- d-----w- C:\Users\Kendra\AppData\Local\Apple Computer
    2013-12-26 05:26:39 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2013-12-26 05:26:10 -------- d-----w- C:\Program Files\iPod
    2013-12-26 05:26:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-12-26 05:26:09 -------- d-----w- C:\Program Files\iTunes
    2013-12-26 05:26:09 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-12-26 05:25:13 -------- d-----w- C:\Users\Kendra\AppData\Local\Apple
    2013-12-26 05:24:27 -------- d-----w- C:\Program Files\Bonjour
    2013-12-26 05:24:27 -------- d-----w- C:\Program Files (x86)\Bonjour
    2013-12-15 23:48:56 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-12-15 23:48:53 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-12-10 22:37:47 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-12-10 22:37:47 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-12-10 22:09:36 312320 ----a-w- C:\Windows\System32\msieftp.dll
    2013-12-10 22:09:36 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-12-10 20:15:09 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-12-10 20:15:06 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-12-10 20:15:02 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-12-10 20:15:02 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2013-12-10 19:51:55 62976 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-12-10 19:50:24 222720 ----a-w- C:\Windows\System32\scrobj.dll
    2013-12-10 19:50:24 143872 ----a-w- C:\Windows\System32\wshom.ocx
    2013-12-10 19:50:23 194048 ----a-w- C:\Windows\System32\scrrun.dll
    2013-12-10 19:50:23 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
    2013-12-10 19:50:23 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-12-10 19:50:23 146944 ----a-w- C:\Windows\System32\cscript.exe
    2013-12-10 19:50:23 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
    2013-12-10 19:50:18 4036608 ----a-w- C:\Windows\System32\win32k.sys
    2013-12-10 19:49:49 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
    .
    ==================== Find3M ====================
    .
    2013-12-26 22:27:57 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-12-26 22:27:56 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-12-26 22:27:56 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-12-26 22:27:55 43152 ----a-w- C:\Windows\avastSS.scr
    2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-14 11:38:23 715824 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-11-14 11:38:02 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-10-30 16:32:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-10-21 17:01:46 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-10-21 17:01:46 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
    2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
    .
    ============= FINISH: 11:11:50.33 ===============
     
  3. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/15/2013 11:38:53 AM
    System Uptime: 1/6/2014 11:22:54 AM (24 hours ago)
    .
    Motherboard: Gateway | | VG50_CM
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | Socket FT1 | 1900/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 682 GiB total, 613.779 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP42: 12/15/2013 6:49:28 PM - Windows Update
    RP43: 12/24/2013 12:05:31 PM - Scheduled Checkpoint
    RP44: 12/25/2013 10:25:15 PM - Installed iTunes
    RP45: 1/3/2014 8:58:29 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Agatha Christie - Death on the Nile
    Aloha TriPeaks
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Quick Stream
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Backup Manager v4
    Bejeweled 3
    Big Fish: Game Manager
    Bonjour
    Broadcom 802.11 Network Adapter
    Build-a-lot 2: Town of the Year
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    COMODO Internet Security
    Cradle Of Egypt Collector's Edition
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Delicious: Emily's True Love Premium Edition
    Dora's World Adventure
    Dritek Radio Controller
    Elevated Installer
    ESET Online Scanner v3
    ETDWare PS/2-X64 11.6.16.003_WHQL
    Game Channels
    Garmin Express
    Garmin Express Tray
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Google Chrome
    Google Drive
    Google Update Helper
    Identity Card
    iTunes
    Java 7 Update 45
    Java Auto Updater
    Jewel Match 3
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Office
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    Mystery P.I. - Curious Case of Counterfeit Cove
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    Peggle Nights
    Penguins!
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Prerequisite installer
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SpiderMania Solitaire
    Spotify
    SUPERAntiSpyware
    Tales of Lagoona
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/6/2014 11:23:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800650a880, 0xfffff8037b482770, 0xfffffa80060231c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010614-19624-01.
    1/6/2014 11:23:02 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    1/1/2014 9:04:44 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 88-53-95-EF-10-BD. Network operations on this system may be disrupted as a result.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post the new log.

    Now, what MBAM reports is ZipOpenerSetup.
    Assuming you didn't run the installer (I don't see ZipOpener in the list of installed programs), you should be OK.
    Let me know.
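    The two checks made in this reply (does every detection in the MBAM log say something other than "No action taken", and does the installed-programs section of the DDS log mention the installer) can be done mechanically. The following is an added example, not code from the thread or from Malwarebytes or DDS; the regexes, function names and the log excerpts (constructed from the formats shown in this thread) are my own assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class Detection:
    category: str  # section the item was listed under, e.g. "Files"
    item: str      # file path or registry key
    threat: str    # MBAM threat name, e.g. "PUP.Optional.InstallCore"
    action: str    # what MBAM did, e.g. "No action taken"


# Section headers such as "Files Detected: 2" or "Registry Keys Detected: 0".
_COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Detected: (?P<n>\d+)$")
# Item lines: "<path> (<threat>) -> <action>."  The lazy item match backtracks
# past parentheses inside the path (e.g. "Program Files (x86)") because the
# threat group must be followed by ") -> ".
_ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (detections, declared_counts) from an MBAM 1.x text log."""
    detections, declared, category = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _COUNT_RE.match(line)
        if m:
            category = m.group("cat")
            declared[category] = int(m.group("n"))
            continue
        m = _ITEM_RE.match(line)
        if m and category is not None:
            detections.append(Detection(category, m.group("item"),
                                        m.group("threat"), m.group("action")))
    return detections, declared


def unresolved(detections):
    """Detections MBAM listed but did not quarantine or delete."""
    return [d for d in detections if d.action.lower().startswith("no action taken")]


def count_mismatches(detections, declared):
    """Categories whose declared count differs from the items actually listed
    (a sign of a truncated or hand-edited log). Maps category -> (declared, seen)."""
    seen = {}
    for d in detections:
        seen[d.category] = seen.get(d.category, 0) + 1
    return {c: (n, seen.get(c, 0)) for c, n in declared.items() if seen.get(c, 0) != n}


def installed_programs(dds_text):
    """Extract the program names under '==== Installed Programs' in a DDS attach log."""
    names, inside = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        if line.startswith("==== Installed Programs"):
            inside = True
            continue
        if inside and line.startswith("===="):   # next section header ends the list
            break
        if inside and line and line != ".":
            names.append(line)
    return names


def program_installed(dds_text, keyword):
    """Installed-program entries containing keyword (case-insensitive)."""
    return [n for n in installed_programs(dds_text) if keyword.lower() in n.lower()]


# Constructed excerpts modelled on the logs posted in this thread.
MBAM_LOG_BEFORE = r"""Malwarebytes Anti-Malware 1.75.0.1300
Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Kendra\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Kendra\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> No action taken.
(end)
"""
MBAM_LOG_AFTER = MBAM_LOG_BEFORE.replace("No action taken", "Quarantined and deleted successfully")
DDS_EXCERPT = """==== Installed Programs ======================
.
avast! Free Antivirus
Malwarebytes Anti-Malware version 1.75.0.1300
SUPERAntiSpyware
.
==== Event Viewer Messages From Past Week ========
"""

if __name__ == "__main__":
    dets, declared = parse_mbam_log(MBAM_LOG_BEFORE)
    print("unresolved:", [d.item for d in unresolved(dets)])
    print("mismatches:", count_mismatches(dets, declared))
    print("ZipOpener installed:", program_installed(DDS_EXCERPT, "ZipOpener"))
```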
     
  5. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Oops, I thought I clicked on "remove threats" earlier, but I forgot to select the threats I wanted to remove. Here is the log now:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.07.04

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Kendra :: MOMSPC [administrator]

    1/7/2014 7:31:15 PM
    mbam-log-2014-01-07 (19-31-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218452
    Time elapsed: 5 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Kendra\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
    C:\Users\Kendra\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

    (end)
     
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I did not run the installer. Once I saw that I had downloaded the 7-Zip instead of the file I was after, I clicked Exit.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You should be good to go :)
     
