Anjz
1. Database version: 911122102
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21/12/2011 4:59:32 PM
mbam-log-2011-12-21 (16-10-21).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Anj\AppData\Local\Temp\dclogs\2011-12-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.

Appeared once again.

ComboFix 11-12-20.04 - Anj 21/12/2011 0:07.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4077.1612 [GMT -5:00]
Running from: c:\users\Anj\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\shs_setup_4059-354328.exe
c:\users\Anj\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 05:13 . 2011-12-21 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 04:52 . 2011-12-21 04:52 -------- d-----w- c:\program files (x86)\ESET
2011-12-20 20:20 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\mpengine.dll
2011-12-19 23:47 . 2011-12-19 23:47 -------- d-----w- c:\program files (x86)\FileHippo.com
2011-12-19 03:00 . 2011-12-19 03:00 -------- d-----w- c:\program files\7-Zip
2011-12-18 06:05 . 2011-12-18 06:05 1249792 --sh--r- c:\users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe
2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\programdata\ATI
2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-16 05:04 . 2011-12-16 05:04 -------- d-----w- c:\users\Anj\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-15 02:13 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:13 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:13 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 02:13 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:13 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:13 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-06 21:13 . 2011-12-06 21:13 -------- d-----w- c:\program files (x86)\QuickTime
2011-12-05 00:38 . 2011-12-05 00:38 -------- d-----w- c:\users\Anj\AppData\Roaming\pymclevel
2011-12-05 00:38 . 2011-12-05 00:38 -------- d-----w- c:\users\Anj\AppData\Local\MCEdit-64bit
2011-12-04 06:36 . 2011-12-04 06:37 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-04 01:05 . 2011-12-04 01:05 -------- d-----w- c:\program files\Java
2011-12-04 00:35 . 2011-12-04 01:05 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-30 17:36 . 2011-11-30 17:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 05:17 . 2011-12-21 05:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\offreg.dll
2011-11-18 15:00 . 2011-05-16 19:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 02:25 . 2011-11-17 02:25 670224 ----a-w- c:\windows\SysWow64\xsherlock.xem
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-09-08 17:34 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2011-09-08 17:32 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2011-09-08 17:24 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2011-09-08 17:16 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2011-10-26 01:43 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2011-10-26 01:35 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2011-10-26 01:32 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2011-10-26 01:29 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-09-08 16:52 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2011-09-08 16:51 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2011-10-26 01:21 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 05:28 . 2011-11-09 05:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-09 05:28 . 2011-11-09 05:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-11-09 05:28 . 2011-11-09 05:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-09 05:28 . 2011-11-09 05:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-11-06 00:25 . 2011-11-06 00:25 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-22 01:16 . 2011-10-22 01:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15 . 2011-10-22 01:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12 . 2011-10-22 01:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-22 01:07 . 2011-10-22 01:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-17 17:40 . 2011-10-17 17:40 93712 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-10-03 09:06 . 2011-04-24 20:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-08 20:48 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-09 1242448]
"Dynamic Link Library Host Application"="c:\users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe" [2011-12-18 1249792]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"DeathAdderBlackEdition"="c:\program files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe" [2011-03-21 246272]
"Rogers SHS"="c:\program files (x86)\Rogers\SelfHealing\shs.exe" [2010-06-03 2736128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Motorola Wireless USB Adapter.lnk - c:\program files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [2011-9-29 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 RogersSelfHelpService;Rogers SHS Service;c:\program files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-06-03 139264]
S2 RogersUpdateManager;Rogers Update Manager;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-06-03 163840]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 DABlackFltr;DeathAdder Black Edition Mouse;c:\windows\system32\drivers\DABlack.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 21:17]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 21:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anj\AppData\Roaming\Mozilla\Firefox\Profiles\ynyskti6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ad,4d,2c,c3,fd,c9,6a,32,80,4c,82,26,14,62,d5,89,e3,17,97,15,ff,
9c,2f,ad,87,25,51,59,9f,e9,d5,6b,2d,f5,57,7c,d1,55,e2,92,c6,ac,6b,23,38,0b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ad,4d,2c,c3,fd,c9,6a,32,80,4c,82,26,14,62,d5,89,e3,17,97,15,ff,
9c,2f,ad,87,25,51,59,9f,e9,d5,6b,2d,f5,57,7c,d1,55,e2,92,c6,ac,6b,23,38,0b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
c:\program files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
c:\program files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe
c:\program files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-12-21 00:19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 05:19
.
Pre-Run: 763,797,893,120 bytes free
Post-Run: 764,253,564,928 bytes free
.
- - End Of File - - DD73854460A69C0E42110BB553D5FC35
2. Sorry about that, my DDS didn't seem to attach. Here is the log.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Anj at 16:04:49 on 2011-12-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4077.2033 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Rogers\SelfHealing\shs.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Motorola Wireless\WU830G USB Adapter\OdHost.exe
C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Motorola Wireless\WU830G USB Adapter\WLUSBCfg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Dynamic Link Library Host Application] C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
mRun: [Rogers SHS] C:\Program Files (x86)\Rogers\SelfHealing\shs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTORO~1.LNK - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3D798ED3-9C93-417A-8705-ADF5AF2AE2EB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{756DF056-8288-4374-A9CD-F2100FAD45A1} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7727A9DA-BF82-47B6-908F-2CF468E557D1} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7727A9DA-BF82-47B6-908F-2CF468E557D1}\14E6A6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{95566592-5E1D-45BC-83AB-5FDDAC68E5C2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{95566592-5E1D-45BC-83AB-5FDDAC68E5C2}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B46B3C11-C163-4C9E-AE2F-8E36BBA97C8F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B46B3C11-C163-4C9E-AE2F-8E36BBA97C8F}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C93C97AB-FE59-47E0-B62A-6F4EA111570F} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: avast!
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe mRun-x64: [Rogers SHS] C:\Program Files (x86)\Rogers\SelfHealing\shs.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Anj\AppData\Roaming\Mozilla\Firefox\Profiles\ynyskti6.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?] R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] 
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-21 44768] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-21 127192] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 366152] R2 RogersSelfHelpService;Rogers SHS Service;C:\Program Files (x86)\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-6-3 139264] R2 RogersUpdateManager;Rogers Update Manager;C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-6-3 163840] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-5 2656280] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\system32\DRIVERS\arusb_win7x.sys --> C:\Windows\system32\DRIVERS\arusb_win7x.sys [?] 
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 DABlackFltr;DeathAdder Black Edition Mouse;C:\Windows\system32\drivers\DABlack.sys --> C:\Windows\system32\drivers\DABlack.sys [?] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336] R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176] S3 athrusb;Belkin Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?] 
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2011-11-16 670224] . =============== Created Last 30 ================ . 
2011-12-21 20:40:15 -------- d-----w- C:\Program Files\Sandboxie 2011-12-21 20:28:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\offreg.dll 2011-12-21 20:26:17 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-12-21 05:51:22 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll 2011-12-21 05:51:22 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll 2011-12-21 05:51:22 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll 2011-12-21 05:51:22 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll 2011-12-21 05:51:22 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-12-21 05:42:52 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2011-12-21 05:42:04 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2011-12-21 05:41:57 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys 2011-12-21 05:32:27 -------- d-----w- C:\Program Files (x86)\FileHippo.com 2011-12-21 05:32:10 -------- d-sh--w- C:\$RECYCLE.BIN 2011-12-21 05:05:53 98816 ----a-w- C:\Windows\sed.exe 2011-12-21 05:05:53 518144 ----a-w- C:\Windows\SWREG.exe 2011-12-21 05:05:53 256000 ----a-w- C:\Windows\PEV.exe 2011-12-21 05:05:53 208896 ----a-w- C:\Windows\MBR.exe 2011-12-21 04:52:05 -------- d-----w- C:\Program Files (x86)\ESET 2011-12-20 20:20:54 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C374CBE-95B5-4A1B-B43C-A0B3EDD16378}\mpengine.dll 2011-12-18 06:05:47 1249792 --sh--r- C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe 2011-12-17 16:30:01 -------- d-----w- C:\Program Files (x86)\AMD APP 2011-12-16 05:04:25 -------- d-----w- C:\Users\Anj\AppData\Roaming\Adobe Mini Bridge CS5.1 2011-12-15 02:13:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-15 02:13:15 723456 ----a-w- C:\Windows\System32\EncDec.dll 2011-12-15 02:13:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 
2011-12-15 02:13:14 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-12-15 02:13:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-15 02:13:06 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-05 00:38:13 -------- d-----w- C:\Users\Anj\AppData\Roaming\pymclevel 2011-12-05 00:38:01 -------- d-----w- C:\Users\Anj\AppData\Local\MCEdit-64bit 2011-12-04 06:36:25 -------- d--h--w- C:\Windows\msdownld.tmp 2011-12-04 06:36:20 -------- d-----w- C:\Windows\SysWow64\directx 2011-12-04 00:35:53 525544 ----a-w- C:\Windows\System32\deployJava1.dll . ==================== Find3M ==================== . 2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr 2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2011-11-18 15:00:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-17 02:25:30 670224 ----a-w- C:\Windows\SysWow64\xsherlock.xem 2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll 2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll 2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll 2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll 2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll 2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll 2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2011-11-10 03:12:10 516608 ----a-w- 
C:\Windows\System32\atieclxx.exe 2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe 2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll 2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll 2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll 2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll 2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll 2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll 2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll 2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-11-10 02:13:04 14336 
----a-w- C:\Windows\System32\atiglpxx.dll 2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll 2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll 2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2011-11-09 05:28:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2011-11-09 05:28:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2011-11-09 05:28:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2011-11-09 05:28:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2011-11-09 03:11:49 59 ----a-w- C:\Windows\wpd99.drv 2011-11-06 00:25:03 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll 2011-11-05 23:18:30 0 ----a-w- C:\Windows\ativpsrm.bin 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll 2011-10-26 02:21:34 56832 ----a-w- 
C:\Windows\SysWow64\OVDecoder.dll 2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll 2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll 2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll 2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll 2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys 2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll 2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll . ============= FINISH: 16:06:58.91 ===============
  3. I've been trying to fight this malware where it keeps writing a dclogs .dc file in Temp and I can't find the source of what is writing it. I have run every possible virus/malware detection and removal tool, ComboFix included, but it keeps reappearing in that same folder and Malwarebytes keeps detecting it! I open the .dc file in Notepad and it's tracking every single thing I type on the internet, including passwords and usernames... even though I have Windows Defender and avast!, the malware somehow came into my computer. After some time researching, I noticed the .dc might be from a "Dark Comet" keylogger. How can I get this spyware out of my system? I would greatly appreciate help, as I have no idea what to do now.

Database version: 911122102
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21/12/2011 4:10:21 PM
mbam-log-2011-12-21 (16-10-21).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\Users\Anj\AppData\Local\Temp\dclogs\2011-12-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
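Added example, not part of Anjz's post or of the DDS/ComboFix output above: a Python triage script that applies the checks a forum helper runs by eye over a log like this one. It flags Run entries whose binary lives under a user profile or borrows a System32 filename while sitting elsewhere (the real dllhost.exe is the COM Surrogate in C:\Windows\System32), files in "Created Last 30" carrying hidden+system attributes, and services whose binary has an extension other than .exe/.sys/.dll. The heuristics and the list of shadowed system names are my assumptions, and a hit is a lead to investigate, not a verdict. The sample input is a constructed excerpt of entries quoted from the log posted above.

```python
"""Triage checks over a DDS-style autorun log (added example, not tool output).

Heuristics (assumptions of this example, not rules from any tool):
  * uRun/mRun entries whose binary lives under C:\\Users\\ (HKCU autoruns
    in %AppData% are where user-mode RATs and keyloggers usually persist)
  * autoruns that borrow a System32 filename but sit outside C:\\Windows
  * 'Created Last 30' files carrying hidden+system attributes
  * services whose binary has an extension other than .exe/.sys/.dll
"""
import re
from dataclasses import dataclass

# Names that legitimately exist only under C:\Windows\System32 or SysWOW64 (assumed list).
SYSTEM_BINARIES = {"dllhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                   "explorer.exe", "conhost.exe", "winlogon.exe", "services.exe"}
SERVICE_EXTENSIONS = {".exe", ".sys", ".dll"}

USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.I)
# uRun: [name] "C:\path\bin.exe" /args   (quotes optional, paths contain spaces)
RUN_RE = re.compile(
    r'\b[um]Run(?:-x64)?: \[(?P<name>[^\]]+)\]\s+"?'
    r'(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr|bat|vbs|js))(?=["\s]|$)', re.I)
# 2011-12-18 06:05:47 1249792 --sh--r- C:\path   (size is '--------' for directories)
CREATED_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?:\d+|-+)\s+(?P<attrs>[-dashrw]{8})\s+"
    r"(?P<path>[a-z]:\\.*?)(?=\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}|\s+\.\s|\s*$)", re.I)
# R2 name;description;C:\path\svc.exe [date size]   or   ...;\??\C:\drv.sys --> ...
SERVICE_RE = re.compile(
    r"\b[RS][0-4] (?P<name>[^;\n]+);[^;\n]*;"
    r"(?P<path>(?:\\\?\?\\)?[a-z]:\\[^;\[\n]*?\.(?P<ext>[a-z0-9]{2,4}))(?=\s|\[|$)", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun" | "created-file" | "service"
    name: str    # autorun label, service name, or file timestamp
    path: str
    reason: str


# Constructed sample: entries excerpted verbatim from the log posted above.
SAMPLE_LOG = r"""
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Dynamic Link Library Host Application] C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2011-11-16 670224]
.
=============== Created Last 30 ================
.
2011-12-21 20:40:15 -------- d-----w- C:\Program Files\Sandboxie
2011-12-21 05:32:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-18 06:05:47 1249792 --sh--r- C:\Users\Anj\AppData\Roaming\Microsoft\Services\dllhost.exe
2011-12-15 02:13:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
"""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (kind, path, reason), in log order."""
    findings: list[Finding] = []
    seen: set[tuple[str, str, str]] = set()

    def add(kind: str, name: str, path: str, reason: str) -> None:
        key = (kind, path.lower(), reason)
        if key not in seen:            # the -x64 sections repeat mRun entries
            seen.add(key)
            findings.append(Finding(kind, name, path, reason))

    for m in RUN_RE.finditer(log_text):
        path = m.group("path")
        base = path.rsplit("\\", 1)[-1].lower()
        if USER_PROFILE_RE.match(path):
            add("autorun", m.group("name"), path, "autorun binary lives under a user profile")
        if base in SYSTEM_BINARIES and "\\windows\\" not in path.lower():
            add("autorun", m.group("name"), path, f"{base} outside C:\\Windows shadows a system binary")

    for m in CREATED_RE.finditer(log_text):
        attrs = m.group("attrs").lower()      # directories ('d') such as $RECYCLE.BIN are skipped
        if attrs[0] != "d" and "s" in attrs and "h" in attrs:
            add("created-file", m.group("ts"), m.group("path"),
                f"new file carries hidden+system attributes ({m.group('attrs')})")

    for m in SERVICE_RE.finditer(log_text):
        path = m.group("path").removeprefix("\\??\\")   # NT object-path prefix on some drivers
        ext = "." + m.group("ext").lower()
        if ext not in SERVICE_EXTENSIONS:
            add("service", m.group("name"), path, f"service binary has unusual extension {ext}")
        if USER_PROFILE_RE.match(path):
            add("service", m.group("name"), path, "service binary lives under a user profile")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}\n    -> {f.reason}")
```

Run it as a script to print the findings for the embedded excerpt, or import triage() and pass it the full pasted log text. On this excerpt it surfaces the same two candidates a helper would ask about first: the HKCU autorun named "Dynamic Link Library Host Application" pointing at a hidden, system, read-only dllhost.exe under AppData\Roaming, and a service (xsherlock) whose binary is a .xem file in System32. The log also shows mPolicies-system: EnableLUA = 0, so UAC is off and, if the account is an administrator, anything started from its Run key already executes with the full administrative token.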