Topic: [Resolved K] suspected pop up virus not being detected by titanium


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7342
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #15 on: December 14, 2011, 02:15:58 am »
I do not see that as a malware issue. Run the following scan so I can have a good look at your system:

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:
Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      eventvwr.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

Kevin



Offline sirk8556

  • Bronze Member
  • Posts: 36
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #16 on: December 14, 2011, 07:44:00 pm »
OK, the files were too large to fit into a post, either alone or together, so I had to zip the files and attach them to the reply. I hope that isn't an issue. Here they are, and once again thank you for your help.


Offline kevinf80

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #17 on: December 15, 2011, 02:11:00 am »
I do not see any malware problems with those logs. Run the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

    ---------------------------------------------------------------------

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Post that log, tell me how your system is responding...

Kevin


Offline sirk8556

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #18 on: December 15, 2011, 05:19:51 pm »
Here are the results that you've requested.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Omador\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Omador\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2836 bytes
 
User: Administrator.CHRIS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Omador
->Temp folder emptied: 2767270242 bytes
->Temporary Internet Files folder emptied: 320461928 bytes
->Java cache emptied: 21421730 bytes
->FireFox cache emptied: 144349670 bytes
->Google Chrome cache emptied: 49026760 bytes
->Flash cache emptied: 149884 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 3870737 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77087040 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 153240620 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 21277816 bytes
 
Total Files Cleaned = 3,396.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 12152011_150827

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!

Registry entries deleted on Reboot...

My system seems to be running fine. Also, there was a file I forgot about in my recycle bin, which I couldn't remove before, and it was deleted; thank you for that.
Other than that, my system still randomly pops up "404 page not found" windows for reasons unknown, but it's not advertisement, and it's probably just an issue with Yahoo in the settings or something. I'll look into it.

Offline kevinf80

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #19 on: December 15, 2011, 05:35:13 pm »
OK, thanks for the update, do the following:

Step 1

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
Delete any of the following if still on your Desktop:

DDS
aswMBR
RogueKiller, plus all logs and folder


Step 2

Download TFC to your desktop, from either of the following links:
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator".
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Step 3

Run this final scan so I can see an overview of your security, status of Java and Adobe, etc.

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin



Offline sirk8556

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #20 on: December 15, 2011, 06:21:10 pm »
OK, here are the results of the security check. Thanks for the help.

 Results of screen317's Security Check version 0.99.28 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Trend Micro Titanium Internet Security 
 Trend Micro™ Titanium™ Internet Security 
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 29 
  Adobe Flash Player (   10.3.183.10) Flash Player out of Date! 
 Adobe Reader X (10.1.0) Adobe Reader out of Date! 
 Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
 Trend Micro AMSP coreServiceShell.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe 
 Trend Micro Titanium plugin TMAS\TMAS_OE\TMAS_OEMon.exe
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````

Offline kevinf80

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #21 on: December 15, 2011, 06:48:16 pm »
All looks good. A couple of apps to update, then you should be good to go:

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

Next,

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation.
Please go to the link below to update.
Adobe Flash Player. Untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

If no more issues here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times. NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing...
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox, Opera, and Chrome.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: green to go, yellow for caution, and red to stop. Available for Firefox and Internet Explorer.

NoScript, available for Firefox only, helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link HERE will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Let me know when you are OK for your thread to be closed out,

Take care,

Kevin....





Offline sirk8556

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #22 on: December 15, 2011, 07:32:22 pm »
OK, thank you very much for your help, Kevin. I think you did a great job in taking care of my problem; I should be fine now.

Offline sirk8556

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #23 on: December 15, 2011, 08:41:51 pm »
Actually, hold on, I got another advertisement popup that doesn't want me to close it =/

Here is a snapshot of it. This isn't very normal for my computer, but I can't tell if the adware is gone or not now.


Offline kevinf80

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #24 on: December 16, 2011, 02:10:52 am »
I see you are using Firefox. Do this: select Tools > Options > Content tab. Is "Block pop-up windows" selected? If it is, re-open Malwarebytes, check for updates, then do a quick scan. Post that log. Next,

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin

Offline sirk8556

Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #25 on: December 16, 2011, 08:50:35 pm »
Alrighty, I checked the pop-up blocking options in the tools and the pop-up blocker was set to on. I have attached a picture showing these settings. Malwarebytes did not pick up anything; here are the logs you requested.

Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8383

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/16/2011 6:43:51 PM
mbam-log-2011-12-16 (18-43-51).txt

Scan type: Quick scan
Objects scanned: 177769
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dds: .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Omador at 18:45:11 on 2011-12-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2980.1991 [GMT -8:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" /S
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [RC TweakIt Server Execute] "c:\program files\asus\asus rog connect plus\rc tweakit server\AsBCLK.exe"
mRun: [GPU TweakIt Server Execute] "c:\program files\asus\asus rog connect plus\gpu tweakit server\GPUTweakit.exe"
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.94.193\AsusWSPanel.exe /S
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0AD68499-3567-422C-AD0D-E79D34BF2281} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D5E84AA8-8172-4C8F-B61F-379623099CE7} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xp-waste.com/portal.php
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko9.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFEx6.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFExt.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RuneScape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-11-21 266544]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-2-13 188272]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\asus\aahm\1.00.14\aaHMSvc.exe [2011-11-24 915584]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-26 223464]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-24 22504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-13 366152]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-13 64080]
R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2011-2-13 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-2-13 632576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-13 22216]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-11-23 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-9 62336]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-9 141440]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.11\AsSysCtrlService.exe [2011-11-24 586880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-23 1691480]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2001-12-31 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2002-1-1 105984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-2-13 50704]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]
.
=============== Created Last 30 ================
.
2011-12-16 01:41:14   --------   d-----w-   c:\documents and settings\all users\application data\McAfee Security Scan
2011-12-16 01:41:12   --------   d-----w-   c:\program files\McAfee Security Scan
2011-12-16 01:31:12   --------   d-----w-   c:\documents and settings\omador\application data\WinPatrol
2011-12-16 01:31:06   --------   d-----w-   c:\program files\BillP Studios
2011-12-16 01:31:06   --------   d-----w-   c:\documents and settings\all users\application data\InstallMate
2011-12-14 07:03:27   --------   d-----w-   c:\documents and settings\omador\application data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-14 06:58:42   --------   d-----w-   c:\documents and settings\omador\application data\PDAppFlex
2011-12-14 03:57:41   --------   d-----w-   c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-12-14 03:26:45   --------   d-----w-   c:\documents and settings\omador\Adobe Dreamweaver CS5.5
2011-12-14 03:26:11   --------   d-----w-   c:\documents and settings\omador\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-14 03:26:10   --------   d-----w-   c:\program files\Adobe Download Assistant
2011-12-13 22:12:17   --------   d-----w-   c:\documents and settings\omador\application data\Malwarebytes
2011-12-13 22:12:12   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-12-13 22:12:09   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-12-13 22:12:09   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-13 21:31:44   111872   ----a-w-   c:\windows\system32\drivers\TrueSight.sys
2011-12-13 03:33:21   388096   ----a-r-   c:\documents and settings\omador\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-13 00:12:44   --------   d-----w-   c:\program files\Rovio
2011-12-11 03:38:55   --------   d-----w-   c:\program files\Yahoo!
2011-12-02 04:40:06   2106216   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-12-02 04:40:06   1998168   ----a-w-   c:\program files\mozilla firefox\d3dx9_43.dll
2011-12-02 04:40:06   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-02 04:40:05   89048   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-12-02 04:40:05   478168   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-12-02 04:40:05   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-12-02 04:40:04   801752   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-12-02 04:40:04   1989592   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-11-28 01:26:50   --------   d-----w-   c:\documents and settings\omador\application data\Sublime Text 2
2011-11-28 01:26:44   --------   d-----w-   c:\program files\Sublime Text 2
2011-11-25 03:24:40   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
2011-11-25 03:24:40   8192   ----a-w-   c:\windows\system32\wshirda.dll
2011-11-25 03:24:40   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
2011-11-25 03:24:40   28160   ----a-w-   c:\windows\system32\irmon.dll
2011-11-25 03:24:40   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
2011-11-25 03:24:40   151552   ----a-w-   c:\windows\system32\irftp.exe
2011-11-24 22:41:49   22504   ----a-w-   c:\windows\system32\drivers\cpuz135_x32.sys
2011-11-24 22:41:47   --------   d-----w-   c:\program files\CPUID
2011-11-24 22:41:42   --------   d-----w-   c:\documents and settings\omador\application data\ASUS WebStorage
2011-11-24 22:37:33   192512   ----a-w-   c:\windows\system32\drivers\UpdateHelper.dll
2011-11-24 22:10:32   --------   d-----w-   c:\windows\AsusInstAll
2011-11-24 08:03:07   --------   d-----w-   c:\program files\Marvell
2011-11-24 08:03:04   --------   d-----w-   C:\RaidTool
2011-11-24 08:03:03   104024   ----a-r-   c:\windows\system32\drivers\jraid.sys
2011-11-24 08:03:01   --------   d-----w-   c:\windows\RaidTool
2011-11-24 08:02:27   --------   d-----w-   c:\program files\Renesas Electronics
2011-11-24 08:01:57   --------   d--h--w-   c:\program files\DeviceVM
2011-11-24 07:54:42   359016   ----a-w-   c:\windows\vncutil.exe
2011-11-24 07:54:38   56936   ----a-w-   c:\windows\system32\RtkCoInstXP.dll
2011-11-24 07:54:38   129640   ----a-w-   c:\windows\RtkAudioService.exe
2011-11-24 07:54:25   1395800   ----a-w-   c:\windows\system32\drivers\Monfilt.sys
2011-11-24 07:54:22   1691480   ----a-w-   c:\windows\system32\drivers\Ambfilt.sys
2011-11-24 07:54:06   8192   ----a-w-   c:\windows\system32\drivers\IntelMEFWVer.dll
2011-11-24 07:53:59   41088   ----a-w-   c:\windows\system32\drivers\HECI.sys
2011-11-24 07:53:59   319456   ----a-w-   c:\windows\system32\difxapi.dll
2011-11-24 07:52:54   --------   d-----w-   c:\windows\system32\XPSViewer
2011-11-24 07:52:29   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-24 07:52:09   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-24 07:52:09   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-24 07:52:09   597504   ------w-   c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-24 07:52:09   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-24 07:52:09   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2011-11-24 07:52:09   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2011-11-24 07:52:09   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2011-11-24 07:52:09   117760   ------w-   c:\windows\system32\prntvpt.dll
2011-11-24 07:52:09   --------   d-----w-   C:\17dac274117d6e5e79fcbc352da535a6
2011-11-24 07:45:16   53248   ----a-r-   c:\windows\system32\CSVer.dll
2011-11-24 07:42:50   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2011-11-24 07:42:50   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2011-11-24 07:42:46   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2011-11-24 07:42:46   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
2011-11-24 07:32:43   724992   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-11-24 07:32:43   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-11-24 07:32:43   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-11-24 07:32:43   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-11-24 07:32:43   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-11-24 07:32:40   184452   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
2011-11-24 07:32:38   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-11-24 07:23:44   8832   ----a-w-   c:\windows\system32\drivers\wmiacpi.sys
.
==================== Find3M  ====================
.
2011-12-11 03:41:24   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 07:24:46   240592   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-11-24 07:24:46   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-11-24 07:24:41   240592   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-10-03 12:06:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 09:37:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.
============= FINISH: 18:45:33.60 ===============

attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2010 11:18:15 PM
System Uptime: 12/16/2011 6:08:53 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Maximus IV Extreme-Z
Processor: Intel Pentium III Xeon processor | LGA1155 | 3310/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 371.433 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_0112&SUBSYS_844D1043&REV_09\3&11583659&0&10
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_0112&SUBSYS_844D1043&REV_09\3&11583659&0&10
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05\3&11583659&0&C8
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05\3&11583659&0&C8
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_150C&SUBSYS_84571043&REV_00\4&7A8E035&0&00E6
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_150C&SUBSYS_84571043&REV_00\4&7A8E035&0&00E6
Service:
.
==== System Restore Points ===================
.
RP292: 9/17/2011 12:22:54 PM - System Checkpoint
RP293: 9/17/2011 3:08:43 PM - Installed Microsoft Office Enterprise 2007
RP294: 9/17/2011 3:12:45 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP295: 9/17/2011 3:53:47 PM - Software Distribution Service 3.0
RP296: 9/18/2011 12:01:42 AM - Software Distribution Service 3.0
RP297: 9/18/2011 1:10:17 AM - Software Distribution Service 3.0
RP298: 9/18/2011 11:16:32 AM - Software Distribution Service 3.0
RP299: 9/20/2011 5:11:22 PM - Restore Operation
RP300: 9/20/2011 7:31:14 PM - Software Distribution Service 3.0
RP301: 1/1/2002 12:00:54 AM - Installed Atheros Communications Inc.(R) L1 Gigabit Ethernet Dri
RP302: 1/1/2002 12:07:41 AM - Installed Realtek High Definition Audio Driver
RP303: 9/23/2011 9:46:32 PM - System Checkpoint
RP304: 9/25/2011 10:31:49 AM - System Checkpoint
RP305: 9/28/2011 5:08:46 PM - System Checkpoint
RP306: 9/29/2011 5:34:25 PM - Installed Angry Birds Rio
RP307: 10/3/2011 5:16:26 PM - System Checkpoint
RP308: 10/5/2011 5:43:18 PM - System Checkpoint
RP309: 10/7/2011 5:24:59 PM - System Checkpoint
RP310: 10/8/2011 8:57:13 PM - System Checkpoint
RP311: 10/9/2011 9:57:25 PM - System Checkpoint
RP312: 10/10/2011 10:11:09 PM - System Checkpoint
RP313: 10/13/2011 4:57:56 PM - System Checkpoint
RP314: 10/14/2011 8:11:13 PM - System Checkpoint
RP315: 10/15/2011 8:58:51 PM - System Checkpoint
RP316: 10/16/2011 10:40:40 PM - System Checkpoint
RP317: 10/18/2011 5:31:49 PM - System Checkpoint
RP318: 10/19/2011 5:39:58 PM - System Checkpoint
RP319: 10/21/2011 6:08:13 PM - System Checkpoint
RP320: 10/22/2011 10:07:52 PM - System Checkpoint
RP321: 10/24/2011 7:25:33 PM - Installed Java(TM) 6 Update 29
RP322: 10/25/2011 7:33:25 PM - System Checkpoint
RP323: 10/26/2011 7:20:11 PM - Removed RuneScape Launcher 1.0.4
RP324: 10/26/2011 7:20:45 PM - Installed RuneScape Launcher 1.1
RP325: 10/28/2011 5:11:57 PM - System Checkpoint
RP326: 10/31/2011 5:17:36 PM - System Checkpoint
RP327: 11/1/2011 5:42:40 PM - System Checkpoint
RP328: 11/5/2011 10:24:48 AM - System Checkpoint
RP329: 11/6/2011 8:06:21 PM - System Checkpoint
RP330: 11/7/2011 9:40:01 PM - System Checkpoint
RP331: 11/8/2011 10:07:45 PM - System Checkpoint
RP332: 11/9/2011 7:29:19 PM - Removed Angry Birds Rio
RP333: 11/9/2011 7:29:53 PM - Installed Angry Birds Rio
RP334: 11/23/2011 11:33:08 PM - Installed Plug9
RP335: 11/23/2011 11:52:14 PM - Installed Windows KB954550-v5.
RP336: 11/23/2011 11:52:26 PM - Printer Driver Microsoft XPS Document Writer Installed
RP337: 11/23/2011 11:52:32 PM - Printer Driver Microsoft XPS Document Writer Installed
RP338: 11/23/2011 11:54:20 PM - Installed Realtek High Definition Audio Driver
RP339: 11/24/2011 12:02:24 AM - Installed Renesas Electronics USB 3.0 Host Controller Driver
RP340: 11/24/2011 12:03:01 AM - Installed JMicron JMB36X Driver
RP341: 11/24/2011 9:14:45 AM - Removed RuneScape Launcher 1.1
RP342: 11/24/2011 9:16:22 AM - Installed RuneScape Launcher 1.2
RP343: 11/24/2011 2:09:31 PM - Removed AI Suite
RP344: 11/24/2011 2:37:28 PM - Installed ASUS ROG Connect Plus
RP345: 11/26/2011 12:06:52 PM - System Checkpoint
RP346: 11/27/2011 12:59:12 PM - System Checkpoint
RP347: 11/28/2011 5:57:55 PM - System Checkpoint
RP348: 11/29/2011 9:18:07 PM - System Checkpoint
RP349: 12/1/2011 5:16:35 PM - System Checkpoint
RP350: 12/2/2011 7:21:50 PM - System Checkpoint
RP351: 12/4/2011 2:09:57 PM - System Checkpoint
RP352: 12/6/2011 8:51:01 PM - System Checkpoint
RP353: 12/8/2011 9:16:00 PM - Removed AI Suite
RP354: 12/8/2011 9:16:31 PM - Installed AI Suite
RP355: 12/10/2011 11:19:58 AM - System Checkpoint
RP356: 12/11/2011 3:02:05 PM - System Checkpoint
RP357: 12/12/2011 4:12:16 PM - Removed Angry Birds Rio
RP358: 12/12/2011 4:12:42 PM - Installed Angry Birds Rio
RP359: 12/12/2011 7:33:18 PM - Installed HiJackThis
RP360: 12/13/2011 8:10:29 PM - System Checkpoint
RP361: 12/14/2011 5:24:40 PM - OTL Restore Point - 12/14/2011 5:24:38 PM
RP362: 12/15/2011 6:17:44 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Widget Browser
Angry Birds Rio
ASUS ROG Connect Plus
ASUS WebStorage
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
AutoHotkey 1.1.05.00
Browser Configuration Utility
Chessmaster
CPUID ROG CPU-Z 1.57.2
EasyBits GO
File Type Assistant
Final Media Player 2011
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981793)
HTML and XHTML Step by Step
HyperCam 2
Intel(R) Management Engine Components
InterActual Player
Java Auto Updater
Java(TM) 6 Update 29
JMicron JMB36X Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
MemTweakIt 1.01.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Pando Media Booster
Quake
Quake 4(TM)
Quake II(TM)
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RuneScape Launcher 1.2
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.5
Sonic CinePlayer DVD Pack
StarCraft
Steam
Sublime Text 2 Build 2139
The Elder Scrolls IV: Oblivion
Tom Clancy's Rainbow Six Vegas
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The ForceWare IP service service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The Browser Configuration Utility Service service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7034]  - The ASUS HM Com Service service terminated unexpectedly.  It has done this 1 time(s).
12/15/2011 3:08:28 PM, error: Service Control Manager [7031]  - The WSWNDA3100 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/13/2011 2:25:23 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
12/13/2011 2:25:20 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  nvgts
12/11/2011 10:03:10 PM, error: Service Control Manager [7034]  - The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).
12/11/2011 10:03:08 PM, error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7342
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #26 on: December 17, 2011, 09:02:15 am »
You have RuneScape Launcher 1.2 installed; this adds an extension to Firefox that is suggested to be very untrustworthy. Do the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    ipconfig /flushdns /c
    c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
    :Commands
    [EmptyTemp]
    [reboot]
     

    ---------------------------------------------------------------------

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

See if that has helped with the FF issue.

Kevin

Offline sirk8556

  • Bronze Member
  • Posts: 36
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #27 on: December 18, 2011, 12:13:12 pm »
Here is the log you requested, sorry for such a late response.


All processes killed
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
Error: Unable to interpret <c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}> in the current context!
========== COMMANDS ==========
 


[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator.CHRIS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Omador
->Temp folder emptied: 1316147 bytes
->Temporary Internet Files folder emptied: 1515181 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 143007748 bytes
->Google Chrome cache emptied: 8619678 bytes
->Flash cache emptied: 2570 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 609513 bytes
 
Total Files Cleaned = 148.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 12182011_100743

Files moved on Reboot...

Registry entries deleted on Reboot...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7342
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #28 on: December 18, 2011, 12:25:43 pm »
Apologies, I gave you the wrong syntax for OTM; you need to run that again.

Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------
    :Files
    ipconfig /flushdns /c
    c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
    :Commands
    [EmptyTemp]
    [reboot]
    ---------------------------------------------------------------------

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
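The two OTM scripts posted in Reply #26 and Reply #28 differ only in the ":Files" header, which is why the first run reported "Unable to interpret ... in the current context!" for the two lines above ":Commands". The Python below is an added example, not part of this thread or of OldTimer's OTM tool; it mimics that sectioning rule so a script can be checked before it is pasted into the tool. The section names are those seen on this page plus a few assumed ones, and the parsing rule itself (a line is only valid under a section header) is an assumption about OTM's behaviour, not its code.

```python
"""Checker for the section structure of an OTM (OTMoveIt3) fix script.

Added example: this is not OTM's own code. The rule it applies is an
assumption drawn from the error lines in Reply #27: every non-empty line
must sit below a section header such as ':Files' or ':Commands'.
"""

# Headers seen on this page (:Files, :Commands) plus assumed extras.
KNOWN_SECTIONS = {":Processes", ":Services", ":Reg", ":Files", ":Commands"}


def parse_otm_script(text):
    """Return (sections, errors) for a script.

    sections maps each header to the lines found under it, in order.
    errors holds one message per line that is outside any section,
    worded like the log in Reply #27, plus one per unknown header.
    """
    sections = {}
    errors = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank/whitespace-only lines are ignored
            continue
        if line.startswith(":"):          # a section header
            if line not in KNOWN_SECTIONS:
                errors.append(f"Unknown section header <{line}>")
                current = None            # lines below an unknown header are orphaned
                continue
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:               # the bug in the Reply #26 script
            errors.append(f"Unable to interpret <{line}> in the current context!")
            continue
        sections[current].append(line)
    return sections, errors


def script_is_well_formed(text):
    """True when every line of the script lands in a known section."""
    return not parse_otm_script(text)[1]


# Both scripts copied from the page (raw strings keep the backslashes).
SCRIPT_REPLY_26 = r"""
ipconfig /flushdns /c
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
:Commands
[EmptyTemp]
[reboot]
"""

SCRIPT_REPLY_28 = r"""
:Files
ipconfig /flushdns /c
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
:Commands
[EmptyTemp]
[reboot]
"""

if __name__ == "__main__":
    for name, script in (("Reply #26", SCRIPT_REPLY_26), ("Reply #28", SCRIPT_REPLY_28)):
        sections, errors = parse_otm_script(script)
        print(f"{name}: well-formed={not errors}")
        for err in errors:
            print("  " + err)
        for header, lines in sections.items():
            print(f"  {header}: {len(lines)} line(s)")
```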

Offline sirk8556

  • Bronze Member
  • Posts: 36
Re: [Resolved K] suspected pop up virus not being detected by titanium
« Reply #29 on: December 18, 2011, 10:53:19 pm »
OK, here is the information you requested:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Omador\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Omador\Desktop\cmd.txt deleted successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\searchplugin folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\modules folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\META-INF folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\defaults folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\chrome folder moved successfully.
c:\documents and settings\omador\application data\mozilla\firefox\profiles\vcrrsih4.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator.CHRIS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Omador
->Temp folder emptied: 943305 bytes
->Temporary Internet Files folder emptied: 65213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52045419 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 841 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34022 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 51.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 12182011_204839

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_628.dat not found!

Registry entries deleted on Reboot...