Author Topic: trojan? I think. please help  (Read 4706 times)

jessiowen78

    Topic Starter


    Newbie

    • Experience: Beginner
    • OS: Windows Vista
    trojan? I think. please help
    « on: September 06, 2012, 11:51:45 PM »
    This mess began about a week ago and I can't get Microsoft to help at all.  I ran all the scans you guys suggested and here they are.


    ********************************************************************
    # AdwCleaner v2.000 - Logfile created 09/06/2012 at 23:19:14
    # Updated 30/08/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : jessica - JESSICA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\jessica\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [903 octets] - [06/09/2012 13:20:43]
    AdwCleaner[R2].txt - [962 octets] - [06/09/2012 13:41:57]
    AdwCleaner[S1].txt - [1460 octets] - [06/09/2012 13:42:50]
    AdwCleaner[R3].txt - [835 octets] - [06/09/2012 23:18:02]
    AdwCleaner[S2].txt - [767 octets] - [06/09/2012 23:19:14]

    ########## EOF - C:\AdwCleaner[S2].txt - [826 octets] ##########


    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    2012/09/07 00:02:20 -0500   JESSICA-PC   jessica   MESSAGE   Starting protection
    2012/09/07 00:02:24 -0500   JESSICA-PC   jessica   MESSAGE   Protection started successfully


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.07.04

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jessica :: JESSICA-PC [administrator]

    Protection: Disabled

    9/6/2012 11:56:38 PM
    mbam-log-2012-09-06 (23-56-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197360
    Time elapsed: 1 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by jessica at 0:10:09 on 2012-09-07
    .
    ============== Running Processes ===============
    .
    C:\Windows\SysWow64\NOTEPAD.EXE
    C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\SysWow64\perfhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\users\jessica\desktop\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\SysWow64\NOTEPAD.EXE
    C:\Users\jessica\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun: [Malwarebytes' Anti-Malware] "C:\users\jessica\desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\users\jessica\desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: DhcpNameServer = 69.6.190.10 69.6.190.11
    TCP: Interfaces\{5950291B-30EB-4DF1-874F-82261CF62023} : DhcpNameServer = 69.6.190.10 69.6.190.11
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO-X64:     Search Helper - No File
    BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO-X64: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\users\jessica\desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\users\jessica\desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? hpsrv;HP Service
    R? JMCR;JMCR
    R? NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit
    R? Norton Internet Security;Norton Internet Security
    R? wlcrasvc;Windows Live Mesh remote connections service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
    S? {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}
    S? enecir;ENE CIR Receiver
    S? FontCache;Windows Font Cache Service
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? PerfHost;Performance Counter DLL Host
    S? Recovery Service for Windows;Recovery Service for Windows
    S? usbfilter;AMD USB Filter Driver
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-09-07 04:55:14   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-09-07 03:16:46   9310152   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
    2012-09-06 18:29:07   --------   d-----w-   C:\Users\jessica\AppData\Roaming\Malwarebytes
    2012-09-06 18:28:20   --------   d-----w-   C:\ProgramData\Malwarebytes
    2012-09-06 18:13:59   --------   d-----w-   C:\Program Files\CCleaner
    2012-09-06 05:46:11   --------   d-----w-   C:\MATS
    2012-09-06 03:15:05   --------   d-----w-   C:\efb03efe811cee36e7e731fafad93b99
    2012-09-06 00:53:47   --------   d-----w-   C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
    2012-09-06 00:53:46   --------   d-----w-   C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
    2012-09-05 21:48:47   --------   d-----w-   C:\ProgramData\IObit
    2012-09-05 21:45:53   --------   d-----w-   C:\Users\jessica\AppData\Roaming\IObit
    2012-09-05 21:45:48   --------   d-----w-   C:\Program Files (x86)\IObit
    2012-09-05 15:00:58   --------   d-sh--w-   C:\$RECYCLE.BIN
    2012-09-05 14:14:56   98816   ----a-w-   C:\Windows\sed.exe
    2012-09-05 14:14:56   256000   ----a-w-   C:\Windows\PEV.exe
    2012-09-03 18:15:44   --------   d-----w-   C:\Windows\pss
    2012-09-03 11:56:13   --------   d-----w-   C:\Users\jessica\AppData\Local\Seven Zip
    2012-09-03 11:55:12   --------   d-----w-   C:\Users\jessica\AppData\Local\Adobe
    2012-09-03 03:39:00   --------   d-----w-   C:\Users\jessica\AppData\Local\Microsoft Help
    2012-09-03 02:03:30   --------   d-----w-   C:\Users\jessica\SecurityScans
    2012-09-03 01:58:22   --------   d-----w-   C:\Program Files\Microsoft Baseline Security Analyzer 2
    2012-09-02 13:30:01   --------   d-----w-   C:\Users\jessica\AppData\Local\Apps
    2012-09-01 23:59:18   --------   d-----w-   C:\Program Files\Microsoft Security Client
    2012-08-31 16:08:49   --------   d-----w-   C:\Users\jessica\AppData\Roaming\hpqLog
    2012-08-31 14:52:54   --------   d-----w-   C:\Windows\System32\wbem\repository
    2012-08-31 14:49:33   --------   d-----w-   C:\Repository
    2012-08-30 01:51:45   --------   d-----w-   C:\Program Files (x86)\Cirrus Casino
    2012-08-29 14:44:47   --------   d-----w-   C:\Users\jessica\Incomplete
    2012-08-29 14:39:53   --------   d-----w-   C:\Users\jessica\AppData\Roaming\MP3Rocket
    2012-08-29 14:39:48   --------   d-----w-   C:\Program Files (x86)\MP3 Rocket
    2012-08-28 04:25:34   477168   ----a-w-   C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-28 04:25:34   473072   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2012-08-27 15:29:25   --------   d-----w-   C:\Users\jessica\AppData\Local\BetOnSoft
    2012-08-27 04:41:08   --------   d-----w-   C:\Users\jessica\AppData\Local\ElevatedDiagnostics
    2012-08-26 00:31:48   --------   d-----w-   C:\Program Files (x86)\Lucky18 Casino
    2012-08-25 23:31:01   --------   d--h--w-   C:\Windows\msdownld.tmp
    2012-08-25 23:09:47   345984   ----a-w-   C:\Windows\System32\drivers\netio.sys
    2012-08-25 22:42:27   --------   d-----w-   C:\Windows\en
    2012-08-25 22:37:40   48488   ----a-w-   C:\Windows\System32\drivers\fssfltr.sys
    2012-08-25 22:36:36   69464   ----a-w-   C:\Windows\SysWow64\XAPOFX1_3.dll
    2012-08-25 22:36:36   515416   ----a-w-   C:\Windows\SysWow64\XAudio2_5.dll
    2012-08-25 22:36:35   523088   ----a-w-   C:\Windows\System32\d3dx10_42.dll
    2012-08-25 22:36:35   453456   ----a-w-   C:\Windows\SysWow64\d3dx10_42.dll
    2012-08-25 22:32:04   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\73718ee01cd83110f\MeshBetaRemover.exe
    2012-08-25 22:31:38   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\63de6fc01cd831108\DSETUP.dll
    2012-08-25 22:31:38   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\63de6fc01cd831108\DXSETUP.exe
    2012-08-25 22:31:38   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\63de6fc01cd831108\dsetup32.dll
    2012-08-25 22:31:36   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\623459a01cd831107\DSETUP.dll
    2012-08-25 22:31:36   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\623459a01cd831107\DXSETUP.exe
    2012-08-25 22:31:36   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\623459a01cd831107\dsetup32.dll
    2012-08-25 22:14:14   --------   d-----w-   C:\Users\jessica\AppData\Local\Windows Live
    2012-08-25 22:13:07   754688   ----a-w-   C:\Windows\SysWow64\webservices.dll
    2012-08-25 22:13:07   1103872   ----a-w-   C:\Windows\System32\webservices.dll
    2012-08-25 21:22:02   307200   ----a-w-   C:\Program Files (x86)\Internet Explorer\iediagcmd.exe
    2012-08-25 20:55:10   219648   ----a-w-   C:\Windows\SysWow64\d3d10_1core.dll
    2012-08-25 20:55:10   1556480   ----a-w-   C:\Windows\System32\DWrite.dll
    2012-08-25 20:55:10   1069056   ----a-w-   C:\Windows\SysWow64\DWrite.dll
    2012-08-25 20:55:09   327680   ----a-w-   C:\Windows\System32\d3d10_1core.dll
    2012-08-25 20:55:09   2002944   ----a-w-   C:\Windows\System32\d3d10warp.dll
    2012-08-25 20:55:09   1172480   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
    2012-08-25 20:55:08   834048   ----a-w-   C:\Windows\System32\d2d1.dll
    2012-08-25 20:55:08   683008   ----a-w-   C:\Windows\SysWow64\d2d1.dll
    2012-08-25 20:55:08   196096   ----a-w-   C:\Windows\System32\d3d10_1.dll
    2012-08-25 20:55:08   160768   ----a-w-   C:\Windows\SysWow64\d3d10_1.dll
    2012-08-25 20:55:06   876032   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
    2012-08-25 20:55:06   1653760   ----a-w-   C:\Windows\System32\XpsPrint.dll
    2012-08-25 20:39:14   --------   d-----w-   C:\Program Files (x86)\Windows Portable Devices
    2012-08-25 20:39:08   --------   d-----w-   C:\Program Files\Windows Portable Devices
    2012-08-25 20:38:16   --------   d-----w-   C:\Windows\SysWow64\spool
    2012-08-25 16:43:32   3584   ----a-w-   C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
    2012-08-25 16:21:12   92672   ----a-w-   C:\Windows\SysWow64\UIAnimation.dll
    2012-08-25 16:21:12   103424   ----a-w-   C:\Windows\System32\UIAnimation.dll
    2012-08-25 16:21:11   1164800   ----a-w-   C:\Windows\System32\UIRibbonRes.dll
    2012-08-25 16:21:10   3815424   ----a-w-   C:\Windows\System32\UIRibbon.dll
    2012-08-25 16:21:10   3023360   ----a-w-   C:\Windows\SysWow64\UIRibbon.dll
    2012-08-25 16:21:10   1164800   ----a-w-   C:\Windows\SysWow64\UIRibbonRes.dll
    2012-08-25 15:42:41   288768   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
    2012-08-25 15:42:40   479744   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
    2012-08-25 15:42:37   1149440   ----a-w-   C:\Windows\System32\FntCache.dll
    2012-08-25 15:40:48   2769408   ----a-w-   C:\Windows\System32\win32k.sys
    2012-08-25 15:38:48   85504   ----a-w-   C:\Windows\System32\csrsrv.dll
    2012-08-25 15:38:44   984064   ----a-w-   C:\Windows\SysWow64\crypt32.dll
    2012-08-25 15:38:44   98304   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
    2012-08-25 15:38:44   174592   ----a-w-   C:\Windows\System32\cryptsvc.dll
    2012-08-25 15:38:44   133120   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
    2012-08-25 15:38:44   132096   ----a-w-   C:\Windows\System32\cryptnet.dll
    2012-08-25 15:38:44   1267200   ----a-w-   C:\Windows\System32\crypt32.dll
    2012-08-25 15:38:18   788480   ----a-w-   C:\Windows\System32\localspl.dll
    2012-08-25 15:38:18   623616   ----a-w-   C:\Windows\SysWow64\localspl.dll
    2012-08-25 15:38:12   76800   ----a-w-   C:\Windows\System32\packager.dll
    2012-08-25 15:38:12   66560   ----a-w-   C:\Windows\SysWow64\packager.dll
    2012-08-25 15:38:00   442368   ----a-w-   C:\Windows\System32\winhttp.dll
    2012-08-25 15:38:00   377344   ----a-w-   C:\Windows\SysWow64\winhttp.dll
    2012-08-25 15:36:41   48128   ----a-w-   C:\Windows\System32\mcicda.dll
    2012-08-25 15:25:46   72576   ----a-w-   C:\Windows\System32\drivers\partmgr.sys
    2012-08-25 15:24:24   4699520   ----a-w-   C:\Windows\System32\ntoskrnl.exe
    2012-08-25 15:22:20   708096   ----a-w-   C:\Windows\System32\rdpencom.dll
    2012-08-25 15:22:20   613376   ----a-w-   C:\Windows\SysWow64\rdpencom.dll
    2012-08-25 15:19:37   73216   ----a-w-   C:\Windows\System32\MSDvbNP.ax
    2012-08-25 15:19:37   69632   ----a-w-   C:\Windows\SysWow64\Mpeg2Data.ax
    2012-08-25 15:19:37   57856   ----a-w-   C:\Windows\SysWow64\MSDvbNP.ax
    2012-08-25 15:19:37   375808   ----a-w-   C:\Windows\System32\psisdecd.dll
    2012-08-25 15:19:37   293376   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
    2012-08-25 15:19:37   289792   ----a-w-   C:\Windows\System32\psisrndr.ax
    2012-08-25 15:19:37   217088   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
    2012-08-25 15:19:37   100352   ----a-w-   C:\Windows\System32\Mpeg2Data.ax
    2012-08-25 14:31:45   --------   d-----w-   C:\Windows\SysWow64\vi-VN
    2012-08-25 14:31:45   --------   d-----w-   C:\Windows\SysWow64\eu-ES
    2012-08-25 14:31:45   --------   d-----w-   C:\Windows\SysWow64\ca-ES
    2012-08-25 14:31:45   --------   d-----w-   C:\Windows\System32\eu-ES
    2012-08-25 14:31:45   --------   d-----w-   C:\Windows\System32\ca-ES
    2012-08-25 14:31:43   --------   d-----w-   C:\Windows\System32\vi-VN
    2012-08-25 14:23:14   595456   ------w-   C:\Windows\System32\stapi64.dll
    2012-08-25 13:54:42   --------   d-----w-   C:\Windows\System32\EventProviders
    2012-08-25 13:50:12   12240896   ----a-w-   C:\Windows\SysWow64\NlsLexicons0007.dll
    2012-08-25 13:50:12   12240896   ----a-w-   C:\Windows\System32\NlsLexicons0007.dll
    2012-08-25 13:50:03   710144   ----a-w-   C:\Windows\System32\SLCExt.dll
    2012-08-25 13:50:03   2582016   ----a-w-   C:\Windows\System32\SLsvc.exe
    2012-08-25 13:50:03   2146304   ----a-w-   C:\Windows\System32\FunctionDiscoveryFolder.dll
    2012-08-25 13:50:03   2134528   ----a-w-   C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
    2012-08-25 13:50:01   2644480   ----a-w-   C:\Windows\SysWow64\NlsLexicons0009.dll
    2012-08-25 13:50:01   2644480   ----a-w-   C:\Windows\System32\NlsLexicons0009.dll
    2012-08-25 13:48:59   880640   ----a-w-   C:\Windows\SysWow64\RacEngn.dll
    2012-08-25 13:47:59   99840   ----a-w-   C:\Windows\SysWow64\ulib.dll
    2012-08-25 13:46:39   218624   ----a-w-   C:\Windows\SysWow64\wdscore.dll
    2012-08-25 13:46:32   247808   ----a-w-   C:\Windows\SysWow64\drvstore.dll
    2012-08-25 13:46:24   83968   ----a-w-   C:\Windows\SysWow64\wbem\wmiutils.dll
    2012-08-25 13:46:24   30208   ----a-w-   C:\Windows\SysWow64\wbem\wbemprox.dll
    2012-08-25 13:46:24   265728   ----a-w-   C:\Windows\SysWow64\wbem\esscli.dll
    2012-08-25 13:46:24   189440   ----a-w-   C:\Windows\SysWow64\wbem\mofd.dll
    2012-08-25 13:46:23   614912   ----a-w-   C:\Windows\SysWow64\wbem\fastprox.dll
    2012-08-25 13:45:45   891392   ----a-w-   C:\Windows\System32\wbem\fastprox.dll
    2012-08-25 13:45:45   43520   ----a-w-   C:\Windows\System32\wbem\wbemprox.dll
    2012-08-25 13:45:45   1172992   ----a-w-   C:\Windows\System32\wbem\wbemcore.dll
    2012-08-25 13:45:44   936448   ----a-w-   C:\Windows\System32\SmiEngine.dll
    2012-08-25 13:45:39   293888   ----a-w-   C:\Windows\System32\wdscore.dll
    2012-08-25 13:45:39   138752   ----a-w-   C:\Windows\System32\PkgMgr.exe
    2012-08-25 13:45:28   315904   ----a-w-   C:\Windows\System32\drvstore.dll
    2012-08-25 12:24:36   179712   ----a-w-   C:\Windows\System32\srvsvc.dll
    2012-08-25 12:24:35   9728   ----a-w-   C:\Windows\SysWow64\sscore.dll
    2012-08-25 12:24:35   17920   ----a-w-   C:\Windows\SysWow64\netevent.dll
    2012-08-25 12:24:35   17920   ----a-w-   C:\Windows\System32\netevent.dll
    2012-08-25 12:24:35   12288   ----a-w-   C:\Windows\System32\sscore.dll
    2012-08-25 11:43:22   28160   ----a-w-   C:\Windows\System32\drivers\en-US\http.sys.mui
    2012-08-25 11:26:38   4398360   ----a-w-   C:\Windows\System32\d3dx9_32.dll
    2012-08-25 11:26:38   3426072   ----a-w-   C:\Windows\SysWow64\d3dx9_32.dll
    2012-08-25 11:26:31   --------   d-----w-   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-08-25 11:25:03   --------   d-----w-   C:\Program Files (x86)\Microsoft
    2012-08-25 11:08:05   --------   d-----w-   C:\Program Files (x86)\Common Files\Windows Live
    2012-08-25 11:07:40   --------   d-----w-   C:\Program Files\LSI SoftModem
    2012-08-25 10:46:45   99176   ----a-w-   C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-08-25 10:46:45   49472   ----a-w-   C:\Windows\SysWow64\netfxperf.dll
    2012-08-25 10:46:45   444752   ----a-w-   C:\Windows\System32\mscoree.dll
    2012-08-25 10:46:45   320352   ----a-w-   C:\Windows\System32\PresentationHost.exe
    2012-08-25 10:46:45   297808   ----a-w-   C:\Windows\SysWow64\mscoree.dll
    2012-08-25 10:46:45   295264   ----a-w-   C:\Windows\SysWow64\PresentationHost.exe
    2012-08-25 10:46:45   1130824   ----a-w-   C:\Windows\SysWow64\dfshim.dll
    2012-08-25 10:46:45   109912   ----a-w-   C:\Windows\System32\PresentationHostProxy.dll
    2012-08-25 10:46:44   48960   ----a-w-   C:\Windows\System32\netfxperf.dll
    2012-08-25 10:46:44   1942856   ----a-w-   C:\Windows\System32\dfshim.dll
    2012-08-25 00:48:36   32768   ----a-w-   C:\Windows\System32\nshhttp.dll
    2012-08-25 00:48:36   24064   ----a-w-   C:\Windows\SysWow64\nshhttp.dll
    2012-08-25 00:48:34   620032   ----a-w-   C:\Windows\System32\drivers\http.sys
    2012-08-25 00:48:33   33792   ----a-w-   C:\Windows\System32\httpapi.dll
    2012-08-25 00:48:33   30720   ----a-w-   C:\Windows\SysWow64\httpapi.dll
    2012-08-25 00:21:31   50688   ----a-w-   C:\Windows\System32\rtutils.dll
    2012-08-25 00:21:31   36864   ----a-w-   C:\Windows\SysWow64\rtutils.dll
    2012-08-25 00:21:28   991104   ----a-w-   C:\Windows\System32\winresume.efi
    2012-08-25 00:21:28   979840   ----a-w-   C:\Windows\System32\winresume.exe
    2012-08-25 00:21:28   1076608   ----a-w-   C:\Windows\System32\winload.efi
    2012-08-25 00:21:28   1063296   ----a-w-   C:\Windows\System32\winload.exe
    2012-08-25 00:21:27   17792   ----a-w-   C:\Windows\System32\kdcom.dll
    2012-08-25 00:21:26   20864   ----a-w-   C:\Windows\System32\kdusb.dll
    2012-08-25 00:21:26   18816   ----a-w-   C:\Windows\System32\kd1394.dll
    2012-08-25 00:21:00   1486848   ----a-w-   C:\Program Files\Windows Media Player\setup_wm.exe
    2012-08-25 00:21:00   1418752   ----a-w-   C:\Program Files (x86)\Windows Media Player\setup_wm.exe
    2012-08-25 00:20:59   372736   ----a-w-   C:\Windows\System32\unregmp2.exe
    2012-08-25 00:20:59   310784   ----a-w-   C:\Windows\SysWow64\unregmp2.exe
    2012-08-25 00:20:02   450560   ----a-w-   C:\Windows\System32\drivers\srv.sys
    2012-08-25 00:17:36   656896   ----a-w-   C:\Windows\System32\kerberos.dll
    2012-08-25 00:17:35   499712   ----a-w-   C:\Windows\SysWow64\kerberos.dll
    2012-08-25 00:16:58   441856   ----a-w-   C:\Windows\System32\WSDApi.dll
    2012-08-25 00:16:58   355328   ----a-w-   C:\Windows\SysWow64\WSDApi.dll
    2012-08-25 00:16:55   818688   ----a-w-   C:\Windows\System32\WMSPDMOD.DLL
    2012-08-25 00:16:55   604672   ----a-w-   C:\Windows\SysWow64\WMSPDMOD.DLL
    2012-08-25 00:16:39   189952   ----a-w-   C:\Windows\System32\t2embed.dll
    2012-08-25 00:16:39   157184   ----a-w-   C:\Windows\SysWow64\t2embed.dll
    2012-08-25 00:16:26   280576   ----a-w-   C:\Windows\System32\rastls.dll
    2012-08-25 00:16:26   243712   ----a-w-   C:\Windows\SysWow64\rastls.dll
    2012-08-25 00:16:04   317952   ----a-w-   C:\Windows\SysWow64\MP4SDECD.DLL
    2012-08-25 00:16:04   295424   ----a-w-   C:\Windows\System32\MP4SDECD.DLL
    2012-08-25 00:14:49   880640   ----a-w-   C:\Windows\System32\timedate.cpl
    2012-08-25 00:14:48   714240   ----a-w-   C:\Windows\SysWow64\timedate.cpl
    2012-08-25 00:12:40   2080768   ----a-w-   C:\Program Files\Windows Mail\msoe.dll
    2012-08-25 00:12:39   1616384   ----a-w-   C:\Program Files (x86)\Windows Mail\msoe.dll
    2012-08-25 00:12:35   90624   ----a-w-   C:\Windows\System32\drivers\bowser.sys
    2012-08-25 00:12:32   416768   ----a-w-   C:\Windows\System32\sbe.dll
    2012-08-25 00:12:32   322560   ----a-w-   C:\Windows\SysWow64\sbe.dll
    2012-08-25 00:12:32   226816   ----a-w-   C:\Windows\System32\mpg2splt.ax
    2012-08-25 00:12:32   210944   ----a-w-   C:\Windows\System32\sbeio.dll
    2012-08-25 00:12:32   177664   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
    2012-08-25 00:12:32   153088   ----a-w-   C:\Windows\SysWow64\sbeio.dll
    2012-08-25 00:12:21   88576   ----a-w-   C:\Windows\System32\atl.dll
    2012-08-25 00:12:20   71680   ----a-w-   C:\Windows\SysWow64\atl.dll
    2012-08-25 00:10:46   82944   ----a-w-   C:\Windows\System32\msasn1.dll
    2012-08-25 00:09:23   1398784   ----a-w-   C:\Windows\System32\mfc42.dll
    2012-08-25 00:09:23   1360384   ----a-w-   C:\Windows\System32\mfc42u.dll
    2012-08-25 00:09:23   1162240   ----a-w-   C:\Windows\SysWow64\mfc42u.dll
    2012-08-25 00:09:23   1136640   ----a-w-   C:\Windows\SysWow64\mfc42.dll
    2012-08-24 23:56:31   --------   d-----w-   C:\Users\jessica\AppData\Local\ATI
    2012-08-24 23:56:29   --------   d-----w-   C:\Users\jessica\AppData\Local\Hewlett-Packard
    2012-08-24 23:56:00   --------   d-----w-   C:\Users\jessica\AppData\Local\VirtualStore
    2012-08-24 23:46:37   72192   ----a-w-   C:\Windows\System32\l3codeca.acm
    2012-08-24 23:46:37   62464   ----a-w-   C:\Windows\SysWow64\l3codeca.acm
    2012-08-24 23:46:37   220672   ----a-w-   C:\Windows\SysWow64\l3codecp.acm
    2012-08-24 23:46:37   181760   ----a-w-   C:\Windows\System32\l3codecp.acm
    2012-08-24 23:38:36   1251840   ----a-w-   C:\Windows\System32\sdclt.exe
    2012-08-24 23:23:12   98304   ----a-w-   C:\Windows\SysWow64\cabview.dll
    2012-08-24 23:23:12   104960   ----a-w-   C:\Windows\System32\cabview.dll
    2012-08-24 23:16:15   --------   d-----w-   C:\Users\jessica\AppData\Roaming\HP TCS
    2012-08-24 23:14:44   26168   ----a-w-   C:\Windows\System32\drivers\usbfilter.sys
    2012-08-24 23:14:43   --------   d-----w-   C:\Program Files (x86)\AMD
    2012-08-24 23:03:08   --------   d-----w-   C:\Users\jessica\AppData\Local\WindowsUpdate
    2012-08-24 22:41:35   0   ----a-w-   C:\Windows\ativpsrm.bin
    2012-08-24 22:39:49   68608   ----a-w-   C:\Windows\System32\AESTAR64.dll
    2012-08-24 22:39:49   431104   ----a-w-   C:\Windows\System32\AESTEC64.dll
    2012-08-24 22:39:49   165888   ----a-w-   C:\Windows\System32\AESTAC64.dll
    2012-08-24 22:39:48   90624   ----a-w-   C:\Windows\System32\AESTCo64.dll
    2012-08-24 22:39:48   564224   ----a-w-   C:\Windows\System32\idt64mp1.exe
    2012-08-24 22:39:48   3562496   ----a-w-   C:\Windows\System32\stlang64.dll
    2012-08-24 22:39:48   12148224   ----a-w-   C:\Windows\System32\idtcpl64.cpl
    2012-08-24 22:39:34   --------   d-----w-   C:\Windows\System32\SRSLabs
    2012-08-24 22:39:00   209408   ----a-w-   C:\Windows\System32\staco64.dll
    2012-08-24 22:38:56   1431040   ----a-w-   C:\Windows\System32\stapo64.dll
    2012-08-24 22:38:41   --------   d-----w-   C:\Program Files\IDT
    2012-08-24 22:38:17   131   ----a-w-   C:\Windows\xUninstall.bat
    2012-08-24 22:36:17   109568   ----a-w-   C:\Windows\System32\JmCrIcon.dll
    2012-08-24 22:35:44   161792   ----a-w-   C:\Windows\System32\drivers\Rtlh64.sys
    2012-08-24 22:35:43   --------   d-----w-   C:\Program Files (x86)\Realtek
    2012-08-24 22:35:20   --------   d-----w-   C:\Windows\SysWow64\HPMDP
    2012-08-24 22:34:54   --------   d-----w-   C:\Program Files\Apoint2K
    2012-08-24 22:30:47   --------   d-----w-   C:\Program Files (x86)\ATI Technologies
    2012-08-24 22:29:35   --------   d-----w-   C:\Windows\System32\no-NO
    2012-08-24 22:29:31   6656   ----a-w-   C:\Windows\System32\bcmwlrc.dll
    2012-08-24 22:29:30   85232   ----a-w-   C:\Windows\System32\bcmwlcoi.dll
    2012-08-24 22:29:30   3834880   ----a-w-   C:\Windows\System32\bcmihvsrv64.dll
    2012-08-24 22:29:29   --------   d-----w-   C:\Program Files\Broadcom
    2012-08-24 22:28:32   54824   ------w-   C:\Windows\SysWow64\agrsmdel.exe
    2012-08-24 22:28:32   14336   ------w-   C:\Windows\SysWow64\agrsco64.dll
    2012-08-24 22:28:11   --------   d-----w-   C:\Windows\Options
    2012-08-24 22:13:48   --------   d-----w-   C:\Program Files (x86)\Hp
    2012-08-24 22:13:40   --------   d-----w-   C:\Users\jessica\AppData\Roaming\HpUpdate
    2012-08-24 22:13:38   --------   d-----w-   C:\Windows\Hewlett-Packard
    .
    ==================== Find3M  ====================
    .
    2012-08-25 21:22:02   161792   ----a-w-   C:\Windows\SysWow64\msls31.dll
    2012-08-25 21:22:00   86528   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
    2012-08-25 21:22:00   76800   ----a-w-   C:\Windows\SysWow64\SetIEInstalledDate.exe
    2012-08-25 21:22:00   74752   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2012-08-25 21:22:00   74752   ----a-w-   C:\Windows\SysWow64\iesetup.dll
    2012-08-25 21:22:00   63488   ----a-w-   C:\Windows\SysWow64\tdc.ocx
    2012-08-25 21:22:00   48640   ----a-w-   C:\Windows\SysWow64\mshtmler.dll
    2012-08-25 21:22:00   367104   ----a-w-   C:\Windows\SysWow64\html.iec
    2012-08-25 21:22:00   23552   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
    2012-08-25 16:43:30   449024   ----a-w-   C:\Windows\System32\WMPhoto.dll
    2012-06-28 03:28:35   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-06-28 03:21:17   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2012-06-28 03:20:41   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-06-28 03:16:25   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2012-06-28 03:12:35   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-06-28 00:27:12   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-06-28 00:19:52   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-06-28 00:18:16   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-06-28 00:12:08   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2012-06-28 00:07:44   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH:  0:10:34.71 ===============


    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    AMD USB Audio Driver Filter
    Atlantis Gold Casino
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cirrus Casino
    CyberLink DVD Suite
    D3DX10
    HP Doc Viewer
    HP Help and Support
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Webcam
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP User Guides 0125
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Junk Mail filter update
    LabelPrint
    Lucky18 Casino
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MP3 Rocket
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Power2Go
    PowerDirector
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Segoe UI
    Skins
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    Treasure Island Jackpots
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================
    but then I found this file in my malware bits folders....



    is it normal?

    jessica

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: trojan? I think. please help
    « Reply #1 on: September 07, 2012, 01:14:40 PM »
    Please do not post the same logs more than once or bump your post. Our malware specialist will help as soon as he's able to. I deleted your double-post.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: trojan? I think. please help
    « Reply #2 on: September 07, 2012, 07:10:00 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    What kind of symptoms is your computer displaying?

    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ***********************************************************
    Please download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it



    Click the "Scan" button to start scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



    On completion of the scan click save log, save it to your desktop and post in your next reply
    Windows 8 and Windows 10 dual boot with two SSD's